GitHub supports Autosar C++, Cert C++ for functional safety applications
The latest innovations in the automotive sector have triggered a massive digital transformation in how vehicles are built. A modern automotive vehicle is composed of interconnected systems with millions of lines of code leveraged by drivers in their day-to-day lives around the globe. As such, development teams in this sector are responsible for ensuring the utmost quality and safety controls while innovating to deliver better user experiences.
To help ensure this software is safe and reliable, the community has built governance standards, such as ISO 26262, to ensure each software component is built free of errors that could trigger any critical failures. More recently, the community expanded this regulation through ISO 21434 to minimize the risk of cybersecurity-related incidents in this software.
In partnership with Woven Planet, GitHub has released CodeQL queries that implement the standards CERT C++ and Autosar C++. GitHub’s code scanning capabilities leverage the CodeQL analysis engine to find security bugs in source code and surface alerts in pull requests—before the vulnerable code gets merged and released. Implementing these checks within GitHub enables automotive development teams to ship compliant and secure software without sacrificing collaboration or agility.
Additionally, in alignment with GitHub’s commitment to fostering global innovation and collaboration through open source, GitHub plans to open source these CodeQL queries. GitHub believes that by empowering open-source maintainers and developers to innovate on software that complies with the coding standards requirements of ISO 26262, a move to accelerate innovation in embedded software development.
While software analysis tools cannot, on their own, fully ensure compliance with the automotive ISO 26262, they can aid developers looking to demonstrate compliance under Part 6, which covers “Product Development at the Software Level.” Part 6 of the standard seeks to ensure the functional safety of road vehicles and examines the correctness of software design and implementation. With GitHub code scanning, developers can find and fix security bugs and critical defects the moment they’re introduced into code. CERT C++ and Autosar C++, C++11, and 14 coding standard violations can be automatically reported using GitHub code scanning and its extensions.
Users who would like to extend the capabilities of the CodeQL queries can contribute to the CodeQL packs, and make your contribution available to the world! Once published, CodeQL packs are easily shared with others and executed in their CI/CD pipeline. Users and programmers who have a query to contribute that they think is general purpose and applicable to all repositories in all situations, can then contribute it to GitHub’s open source CodeQL query repository.