Download the SAFe Toolset!

The SAFe (Static Analysis Framework) Toolset is a set of open source tools, packaged in easily reusable form (currently, an Ubuntu Virtual Machine), that can be used to perform Software Verification and Validation.

In particular the current version (October 2024) of the SAFe Toolset VM contains:

• A set of static analyzers for C,C++:
  • Cppcheck – v. 2.13;
  • the Clang static analyzers Clang-Static-Analyzer and Clang-Tidy – v. 20.0.0git;
  • [optionally] PC-Lint Plus – v. 2.0 (or PC-Lint – v. 9.0.0L) – its license needs to be acquired from Vector.
• SonarQube – v. 10.7 – a code quality platform used to show and manage the issues found by the static analyzers.
  The Community Edition of SonarQube 10.7 includes the following plugins:
  • Csharp – version 9.32.0;
  • Flex – version 2.12.0;
  • Go – version 1.17.1;
  • Html – version 3.16.0;
  • Jacoco – version 1.3.0;
  • Java – version 8.2.0;
  • Javascript – version 10.16.0;
  • Kotlin – version 2.20.0;
  • Php – version 3.38.0;
  • Python – version 4.22.0;
  • Ruby – version 1.17.1;
  • Scala – version 1.17.1;
  • Vbnet – version 9.32.0;
  • Xml – version 2.10.0.
• Spazio IT has added to this list of plugins its modified version of the SonarQube C++ Community Plugin:
  • SpazioIT C++ Community Plugin – version 2.2.31.

Apart from the static analyzers the SAFe VM contains also some (native and cross) build environments, that is:

• C,C++:
  • GNU GCC Version 9.3.0 – Native;
  • Clang Version 20.0.0git – Native and Cross (Multiplatforms – use the command “llc –version” to see the supported architectures);
  • BCC2: Bare-C Cross-Compiler System for LEON2/3/4 GCC 2.2.3 – Cross;
  • RCC: RTEMS LEON/ERC32 Cross-Compiler System RCC 1.3.1 – Cross;
  • GNU Arm Embedded Toolchain – v. 8-2019-q3-update – Cross.
• Java:
  • OpenJDK – v.1.8.0 and v.17.0.2

Should a user need to work on a codebase not supported by the provided build environments, she would need to install the corresponding compilation tool-chain. Of course, Spazio IT can support her in performing this extra activity.

Additionally Spazio IT has complemented the SAFe Toolset with:

• a specially modified version of SonarQube;
• a specially modified version of the SonarQube C++ Community Plugin;
• the SAFacilitator – an application largely simplifying the usage of static analyzers as well as the integration of their results into SonarQube.

It is recommended to use the SAfe Toolset respecting these workflows.

The development of the SAFe Toolset was funded by the European Space Agency Contract # RFP/3-15558/18/NL/FE/as.

This set of videos show the SAFe Toolset (and especially the SAFacilitator) in action on a real case C codebase.

This other video shows the Java SonarQube integration provided by the SAFacilitator.

The current development version of the SAFe Toolset is available here. The SAFe Toolset manual is available on line.

Please contact Spazio IT in case you’re interested in getting support on the SAFe Toolset.