Skip to main content
Redhat Developers  Logo
  • Products

    Platforms

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat AI
      Red Hat AI
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • View All Red Hat Products

    Featured

    • Red Hat build of OpenJDK
    • Red Hat Developer Hub
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenShift Dev Spaces
    • Red Hat OpenShift Local
    • Red Hat Developer Sandbox

      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Secure Development & Architectures

      • Security
      • Secure coding
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • Product Documentation
    • API Catalog
    • Legacy Documentation
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Get started with clang-tidy in Red Hat Enterprise Linux

April 6, 2021
Tom Stellard
Related topics:
CI/CDLinuxSecurity
Related products:
Red Hat Enterprise Linux

Share:

    Clang-tidy is a standalone linter tool for checking C and C++ source code files. It provides an additional set of compiler warnings—called checks—that go above and beyond what is typically included in a C or C++ compiler. Clang-tidy comes with a large set of built-in checks and a framework for writing your own checks, as well.

    Clang-tidy uses the same front-end libraries as the Clang C language compiler. However, because it only takes source files as input, you can use clang-tidy for any C or C++ codebase no matter what compiler you are using.

    This article is a quick introduction to code analysis with clang-tidy, including how to check for rule violations in a simple C-based program and how to integrate clang-tidy with your build system.

    Using clang-tidy in Red Hat Enterprise Linux

    In Red Hat Enterprise Linux (RHEL), clang-tidy is included as part of the LLVM toolset:

    # RHEL7
    $ yum install llvm-toolset-10.0-clang-tools-extra
    
    # RHEL8
    $ yum install clang-tools-extra
    

    The best way to get started with clang-tidy is to review the list of included checks to see which ones might be useful for your codebase. The Clang-tidy project page includes a summary of the different kinds of checks available. You can see a list of the individual checks available by running:

    $ clang-tidy -checks=* -list-checks
    

    Today, we are going to focus on the checks for the SEI CERT Secure Coding Standard, which are denoted in clang-tidy by the cert- prefix.

    Note: The SEI CERT Secure Coding Standard is maintained by the computer emergency response team (CERT) for the Software Engineering Institute (SEI).

    Checking for errors with clang-tidy

    The following example program violates two of the CERT Secure Coding Standard rules, ENV33-C and ERR34-C:

    #include <stdlib.h>
    
    int string_to_int(const char *num) {
      return atoi(num);
    }
    
    void ls() {
      system("ls");
    }
    

    Let's see what happens when we run clang-tidy on this code:

    $ clang-tidy -checks=cert-* -warnings-as-errors=* cert-err.c
    
    2 warnings generated.
    cert-err.c:4:10: error: 'atoi' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead [cert-err34-c,-warnings-as-errors]
      return atoi(num);
             ^
    cert-err.c:8:3: error: calling 'system' uses a command processor [cert-env33-c,-warnings-as-errors]
      system("ls");
      ^
    

    The -checks=cert-* option tells clang-tidy to enable all of the CERT Secure Coding Standard checks, and the -warnings-as-errors=* option tells it to treat all warnings as errors. The -warnings-as-errors takes a wildcard argument, so you can choose which warnings to promote to errors. For example, if you wanted to enable all checks, but only generate an error on the CERT checks, you could do this:

    $ clang-tidy -checks=* -warnings-as-errors=cert-* cert-err.c
    

    Integrate clang-tidy into your build system

    In addition to manually running clang-tidy on your source files, you can also integrate the tool into your build system. Build integration makes it easier to automate the checks and include them in a continuous integration (CI) system. A simple way to integrate clang-tidy into your build is to run the checks as part of a check target, using make or a similar build tool.

    Looking back at our previous example, we can construct a simple makefile with a clang-tidy integration:

    SOURCES=cert-err.c
    OBJS=cert-err.o
    
    all: $(OBJS)
    
    %.o: %.c
            $(CC) -c -o $@ $< $(CPPFLAGS) $(CFLAGS)
    
    check: $(SOURCES)
            clang-tidy $(CPPFLAGS) -checks=cert-* --warnings-as-errors=* $(SOURCES)
    

    Now, we can run ourclang-tidy checks using make check.

    Using a compilation database

    If you are using a CMake base build system, clang-tidy can employ a compilation database. That way, you don't need to manually pass the same CPPFLAGS you used while compiling. To generate the compilation database, you just need to pass the -DCMAKE_EXPORT_COMPILE_COMMANDS=ON option to CMake when configuring. Here's an example CMake configuration for using the compilation database:

    set(sources ${CMAKE_SOURCE_DIR}/cert-err.c)
    
    add_library(cert-err ${sources})
    
    add_custom_target(
        clang-tidy-check clang-tidy -p ${CMAKE_BINARY_DIR}/compile_commands.json -checks=cert* ${sources}
        DEPENDS ${sources})
    
    add_custom_target(check DEPENDS clang-tidy-check)
    

    When you configure with CMake, it will generate a file called compile_commands.json, which clang-tidy uses to determine which compiler flags to employ:

    $ cmake . -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
    $ make clang-tidy-check
    

    Conclusion

    This was a basic introduction to clang-tidy, but there is much more that you can do with it. For more information, read the upstream Clang-tidy project page.

    Last updated: October 7, 2022

    Recent Posts

    • How to enable Ansible Lightspeed intelligent assistant

    • Why some agentic AI developers are moving code from Python to Rust

    • Confidential VMs: The core of confidential containers

    • Benchmarking with GuideLLM in air-gapped OpenShift clusters

    • Run Qwen3-Next on vLLM with Red Hat AI: A step-by-step guide

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue