CERT: Static Analysis Before Commit

error

cert_static_analysis_before_commit

coding-standards workflow pure_temporal secure-coding cert sei risk-based verification rag-red

Source is checked against the CERT C / C++ ruleset by static analysis before it is committed.

Formula

G(GitCommit → P(StaticAnalysis ∧ cert_ruleset))

Why it matters

SEI CERT conformance: an analyzer diagnoses rule violations; conformance is established by analysis (plus manual review for undecidable rules) before code is accepted.

Examples

passes: the risk/remediation step is evidenced

fails: the required assessment/remediation is absent
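
The formula evaluated over finite event traces, as an added example (not ponens code, and not the ponens trace.json schema). The event dictionaries, the "ruleset" field and the sample traces are constructed assumptions; P is read as "at or before the current event".

```python
# Added example: evaluates G(GitCommit -> P(StaticAnalysis & cert_ruleset))
# over a finite event trace. The event format is an assumption made for
# this illustration, not the ponens trace.json schema.

def check_policy(trace):
    """Return indices of GitCommit events that violate the policy.

    P ("once in the past") is taken as: some event at or before the
    current position satisfies StaticAnalysis AND cert_ruleset together.
    """
    analysed = False  # running value of P(StaticAnalysis & cert_ruleset)
    violations = []
    for i, ev in enumerate(trace):
        # Both atoms must hold on the SAME event: an analysis run with a
        # different ruleset does not establish conformance.
        if ev["type"] == "StaticAnalysis" and ev.get("ruleset") == "cert":
            analysed = True
        if ev["type"] == "GitCommit" and not analysed:
            violations.append(i)
    return violations

# Constructed sample traces.
PASS = [
    {"type": "StaticAnalysis", "ruleset": "cert"},
    {"type": "GitCommit"},
]
WRONG_RULESET = [
    {"type": "StaticAnalysis", "ruleset": "custom"},
    {"type": "GitCommit"},
]
ANALYSIS_AFTER = [
    {"type": "GitCommit"},
    {"type": "StaticAnalysis", "ruleset": "cert"},
]
# One early analysis satisfies P for every later commit: the formula as
# written does not require a fresh run between commits.
STALE = [
    {"type": "StaticAnalysis", "ruleset": "cert"},
    {"type": "GitCommit"},
    {"type": "Edit"},
    {"type": "GitCommit"},
]

if __name__ == "__main__":
    for name, t in [("PASS", PASS), ("WRONG_RULESET", WRONG_RULESET),
                    ("ANALYSIS_AFTER", ANALYSIS_AFTER), ("STALE", STALE)]:
        print(name, check_policy(t) or "ok")
```

The STALE trace passes even though source changed between the two commits; a team that needs a fresh analysis per commit has to enforce that separately from this formula.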

Use it

ponens policies add cert_static_analysis_before_commit --into ./trace.json
ponens trace check ./trace.json