QA-MISRA Compliance Matrices for CWE, SEI CERT C/C++, JSF AV C++, ISO/IEC TS 17961:2013 & HIS Metrics

QA-MISRA is a robust static analyzer designed to identify and rectify coding guideline violations, ensuring software safety and security. It adheres to international standards such as MISRA-C:2004, MISRA-C:2012, MISRA-C++:2008, AUTOSAR C++14, ISO/IEC TS 17961:2013, CERT, JSF AV C++, and CWE rule sets. Additionally, it includes coding style rules and HIS-Metrics thresholds.

This document provides a helpful overview of static analysis capabilities in QA-MISRA for assessing compliance with various coding guidelines, standards, and metrics. Support is strongest for MISRA CWE, SEI CERT C/C++, JSF AV C++ and ISO/IEC TS 17961:2013 & HIS rules.

• The document provides compliance matrices for several coding guidelines including CWE, SEI CERT C/C++, JSF AV C++, and ISO/IEC TS 17961:2013.
• For CWE, 25 of 183 rules (14%) are checked.
• For SEI CERT C, 103 of 285 rules (36%) are checked. For SEI CERT C++, 47 of 163 rules (28%) are checked.
• For JSF AV C++, 145 of 227 rules (64%) are implicitly checkable.
• For ISO/IEC TS 17961:2013, 37 of 46 rules (80%) are checked.
• The compliance matrices detail the level of support provided by the QA-MISRA static analyzer for each rule in these guidelines.
• Support levels range from fully checked, indicating precise enforcement, to partially checked, implicitly checkable, and not checked.
• Fully checked is the highest level of support, guaranteeing detection of violations.
• The matrices provide useful information on the capabilities of QA-MISRA in enforcing these various coding guidelines.