From 5093419f4f3d3482ec9e0e1c6891a8c11c5d78bf Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Thu, 19 Jun 2025 11:12:56 +0300
Subject: [PATCH 01/13] github: add github workflows

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
Reviewed-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Reviewed-by: Mykola Solianko <mykola_solianko@epam.com>
---
 .github/workflows/build_test.yaml   | 102 ++++++++++++++++++++++++++++
 .github/workflows/check_format.yaml |  29 ++++++++
 suppressions.txt                    |   4 ++
 3 files changed, 135 insertions(+)
 create mode 100644 .github/workflows/build_test.yaml
 create mode 100644 .github/workflows/check_format.yaml
 create mode 100644 suppressions.txt

diff --git a/.github/workflows/build_test.yaml b/.github/workflows/build_test.yaml
new file mode 100644
index 000000000..cec7bd52b
--- /dev/null
+++ b/.github/workflows/build_test.yaml
@@ -0,0 +1,102 @@
+name: Build and test
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+
+  pull_request_target:
+    types:
+      - edited
+      - opened
+      - reopened
+      - synchronize
+
+    branches:
+      - main
+      - develop
+      - feature*
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    permissions: read-all
+    container:
+      image: ghcr.io/aosedge/aos-core-build-base:latest
+      options: "--entrypoint /usr/bin/bash"
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+
+    env:
+      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
+
+    steps:
+      # Apply solution to "HOME is overridden for containers" problem: https://github.com/actions/runner/issues/863
+      - name: Preserve $HOME set in the container
+        run: echo HOME=/root >> "$GITHUB_ENV"
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          fetch-depth: 0
+
+      - name: Install Build Wrapper
+        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v4
+
+      - name: Build using SonarQube Build Wrapper
+        run: |
+          mkdir build
+
+          conan profile detect --force
+
+          conan install ./conan/ --output-folder build --settings=build_type=Debug --build=missing
+          cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug -DWITH_TEST=ON -DWITH_COVERAGE=ON -G "Unix Makefiles" \
+            -DWITH_MBEDTLS=OFF -DWITH_OPENSSL=ON -DCMAKE_TOOLCHAIN_FILE=./conan_toolchain.cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
+          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build ./build/ --config Debug --parallel
+
+      - name: Run Tests
+        run: |
+          (cd build && make coverage)
+
+      - name: Static analysis
+        run: |
+          cppcheck --enable=all --inline-suppr -I src --std=c++17 --error-exitcode=1 \
+          --suppressions-list=./suppressions.txt --project=build/compile_commands.json src
+
+      - name: Upload codecov report
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./build/coverage.total
+
+      - name: SonarCloud Scan on push
+        if: github.event_name == 'push'
+        uses: SonarSource/sonarqube-scan-action@v4
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+        with:
+          args: >
+            --define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"
+            --define sonar.coverageReportPaths=build/coverage_sonarqube.xml
+
+      - name: SonarCloud Scan on pull request
+        if: github.event_name == 'pull_request_target'
+        uses: SonarSource/sonarqube-scan-action@v4
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+        with:
+          projectBaseDir: "."
+          args: >
+            --define sonar.scm.revision=${{ github.event.pull_request.head.sha }}
+            --define sonar.pullrequest.key=${{ github.event.pull_request.number }}
+            --define sonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
+            --define sonar.pullrequest.base=${{ github.event.pull_request.base.ref }}
+            --define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"
+            --define sonar.coverageReportPaths=build/coverage_sonarqube.xml
diff --git a/.github/workflows/check_format.yaml b/.github/workflows/check_format.yaml
new file mode 100644
index 000000000..180a942a6
--- /dev/null
+++ b/.github/workflows/check_format.yaml
@@ -0,0 +1,29 @@
+name: Check formatting
+
+on:
+  push:
+    branches:
+      - main
+
+  pull_request:
+    branches:
+      - develop
+      - feature_*
+
+jobs:
+  formatting-check:
+    name: Formatting Check
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run clang-format style check
+        uses: jidicula/clang-format-action@v4.11.0
+        with:
+          clang-format-version: "15"
+
+      - name: Run cmake-format style check
+        run: |
+          python -m pip install --upgrade pip
+          pip install cmake_format
+          find . \( \( -not -path '*/build/*' \) -name '*.cmake' -or -name 'CMakeLists.txt' \) \
+            -exec cmake-format --check {} +;
diff --git a/suppressions.txt b/suppressions.txt
new file mode 100644
index 000000000..de028f034
--- /dev/null
+++ b/suppressions.txt
@@ -0,0 +1,4 @@
+missingIncludeSystem
+unusedFunction
+syntaxError
+preprocessorErrorDirective

From e044c86c83729a5ec8f92004fefdebecbb489543 Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Thu, 19 Jun 2025 16:06:39 +0300
Subject: [PATCH 02/13] iam: fix clang format

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
Reviewed-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Reviewed-by: Mykola Solianko <mykola_solianko@epam.com>
---
 src/iam/visidentifier/tests/pocowsclient_test.cpp  | 1 -
 src/iam/visidentifier/tests/visidentifier_test.cpp | 1 -
 2 files changed, 2 deletions(-)

diff --git a/src/iam/visidentifier/tests/pocowsclient_test.cpp b/src/iam/visidentifier/tests/pocowsclient_test.cpp
index 58375e627..3c94ed2d1 100644
--- a/src/iam/visidentifier/tests/pocowsclient_test.cpp
+++ b/src/iam/visidentifier/tests/pocowsclient_test.cpp
@@ -18,7 +18,6 @@
 #include "mocks/identhandlermock.hpp"
 #include "visserver.hpp"
 
-
 using namespace testing;
 
 namespace aos::iam::visidentifier {
diff --git a/src/iam/visidentifier/tests/visidentifier_test.cpp b/src/iam/visidentifier/tests/visidentifier_test.cpp
index d0d4f43bf..bb314e7b8 100644
--- a/src/iam/visidentifier/tests/visidentifier_test.cpp
+++ b/src/iam/visidentifier/tests/visidentifier_test.cpp
@@ -16,7 +16,6 @@
 #include "mocks/identhandlermock.hpp"
 #include "mocks/wsclientmock.hpp"
 
-
 using namespace testing;
 
 namespace aos::iam::visidentifier {

From 82dc4932e0b95de6ddcf4a089f641a1a4843f71d Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Thu, 19 Jun 2025 16:27:44 +0300
Subject: [PATCH 03/13] workflows: turn off vchan for CI build

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
Reviewed-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Reviewed-by: Mykola Solianko <mykola_solianko@epam.com>
---
 .github/workflows/build_test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_test.yaml b/.github/workflows/build_test.yaml
index cec7bd52b..023fee363 100644
--- a/.github/workflows/build_test.yaml
+++ b/.github/workflows/build_test.yaml
@@ -54,7 +54,7 @@ jobs:
           conan profile detect --force
 
           conan install ./conan/ --output-folder build --settings=build_type=Debug --build=missing
-          cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug -DWITH_TEST=ON -DWITH_COVERAGE=ON -G "Unix Makefiles" \
+          cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug -DWITH_TEST=ON -DWITH_COVERAGE=ON -DWITH_VCHAN=OFF -G "Unix Makefiles" \
             -DWITH_MBEDTLS=OFF -DWITH_OPENSSL=ON -DCMAKE_TOOLCHAIN_FILE=./conan_toolchain.cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
           build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build ./build/ --config Debug --parallel
 

From 235113ee121a6bcb23bc4b836550b3ece059ec6b Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Thu, 19 Jun 2025 16:57:51 +0300
Subject: [PATCH 04/13] common: add missing include

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
Reviewed-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Reviewed-by: Mykola Solianko <mykola_solianko@epam.com>
---
 src/common/logger/logger.hpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/common/logger/logger.hpp b/src/common/logger/logger.hpp
index 617f965fb..fdcdf0c2b 100644
--- a/src/common/logger/logger.hpp
+++ b/src/common/logger/logger.hpp
@@ -9,6 +9,7 @@
 #define AOS_COMMON_LOGGER_LOGGER_HPP_
 
 #include <mutex>
+#include <string>
 
 #include <aos/common/tools/log.hpp>
 

From 775a47b834718c1c297bbc657430a18359f2f1b4 Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Thu, 19 Jun 2025 20:15:30 +0300
Subject: [PATCH 05/13] workflows: fix coverage step

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
Reviewed-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Reviewed-by: Mykola Solianko <mykola_solianko@epam.com>
---
 .github/workflows/build_test.yaml | 3 ++-
 CMakeLists.txt                    | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build_test.yaml b/.github/workflows/build_test.yaml
index 023fee363..503095a0a 100644
--- a/.github/workflows/build_test.yaml
+++ b/.github/workflows/build_test.yaml
@@ -60,7 +60,8 @@ jobs:
 
       - name: Run Tests
         run: |
-          (cd build && make coverage)
+          cd build
+          make coverage
 
       - name: Static analysis
         run: |
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7ccde8f03..555cfaeb5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -103,7 +103,8 @@ if(WITH_COVERAGE)
 
     append_coverage_compiler_flags()
 
-    set(COVERAGE_EXCLUDES "build/*" "tests/*" "/usr/*")
+    set(COVERAGE_EXCLUDES "build/*" "/usr/*")
+    set(GCOVR_ADDITIONAL_ARGS --gcov-ignore-parse-errors negative_hits.warn)
 
     setup_target_for_coverage_lcov(
         NAME

From 42bdf27b3bbbbb19cc19ac32d12b8bfecc49aa97 Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Thu, 19 Jun 2025 20:16:38 +0300
Subject: [PATCH 06/13] workflows: cppcheck step fix

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
Reviewed-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Reviewed-by: Mykola Solianko <mykola_solianko@epam.com>
---
 .github/workflows/build_test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_test.yaml b/.github/workflows/build_test.yaml
index 503095a0a..71e40c701 100644
--- a/.github/workflows/build_test.yaml
+++ b/.github/workflows/build_test.yaml
@@ -66,7 +66,7 @@ jobs:
       - name: Static analysis
         run: |
           cppcheck --enable=all --inline-suppr -I src --std=c++17 --error-exitcode=1 \
-          --suppressions-list=./suppressions.txt --project=build/compile_commands.json src
+          --suppressions-list=./suppressions.txt --project=build/compile_commands.json --file-filter='src/*'
 
       - name: Upload codecov report
         uses: codecov/codecov-action@v4

From c17a01ae522061e0813102be446d244523eff7b9 Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Fri, 20 Jun 2025 12:23:13 +0300
Subject: [PATCH 07/13] ci: setup sonar properties

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
Reviewed-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Reviewed-by: Mykola Solianko <mykola_solianko@epam.com>
---
 sonar-project.properties | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 sonar-project.properties

diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 000000000..b6b6574c2
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,12 @@
+sonar.projectKey=aosedge_aos_core_cpp
+sonar.organization=aosedge
+
+sonar.sources=src/
+sonar.exclusions=**/tests/**
+
+sonar.tests=src/
+sonar.test.inclusions=**/tests/**
+
+sonar.coverage.exclusions=**/tests/**
+
+sonar.cfamily.compile-commands=build/compile_commands.json

From 3790312064aa6d6397ef9e06fd72df23c4f6b993 Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Fri, 20 Jun 2025 17:36:17 +0300
Subject: [PATCH 08/13] readme: add ci bages

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
Reviewed-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Reviewed-by: Mykola Solianko <mykola_solianko@epam.com>
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 90f948d17..de947e084 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,7 @@
+[![ci](https://github.com/aosedge/aos_core_cpp/actions/workflows/build_test.yaml/badge.svg)](https://github.com/aosedge/aos_core_cpp/actions/workflows/build_test.yaml)
+[![codecov](https://codecov.io/gh/aosedge/aos_core_cpp/graph/badge.svg?token=MknkthRkpf)](https://codecov.io/gh/aosedge/aos_core_cpp)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=aosedge_aos_core_cpp&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=aosedge_aos_core_cpp)
+
 # AosCore C++ implementation
 
 ## Prepare build environment

From cd497607c102b1ed772d1dfcfd0b88378baf5d38 Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Fri, 20 Jun 2025 20:55:47 +0300
Subject: [PATCH 09/13] wip: run ci on push for feature branch

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
---
 .github/workflows/build_test.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build_test.yaml b/.github/workflows/build_test.yaml
index 71e40c701..860692bb0 100644
--- a/.github/workflows/build_test.yaml
+++ b/.github/workflows/build_test.yaml
@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - develop
+      - feature*
 
   pull_request_target:
     types:

From 030cac405ea2162afab4994825d13c69bc01e42c Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Fri, 20 Jun 2025 23:36:11 +0300
Subject: [PATCH 10/13] iam: common: fix cppcheck errors

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
Reviewed-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Reviewed-by: Mykola Solianko <mykola_solianko@epam.com>
---
 src/common/jsonprovider/jsonprovider.cpp      |  2 +
 src/common/migration/tests/migration.cpp      |  2 +-
 src/common/network/interfacemanager.cpp       |  5 +-
 src/common/ocispec/imagespec.cpp              |  1 +
 src/common/ocispec/serviceconfig.cpp          |  6 +++
 src/common/tests/utils/partition.cpp          |  7 ++-
 src/common/utils/time.cpp                     |  1 +
 src/iam/config/config.cpp                     |  5 +-
 src/iam/fileidentifier/fileidentifier.cpp     |  2 +-
 src/iam/iamserver/tests/stubs/storagestub.cpp | 51 ++++++++++---------
 src/iam/nodeinfoprovider/nodeinfoprovider.cpp |  4 ++
 src/iam/visidentifier/tests/visserver.cpp     |  1 +
 src/iam/visidentifier/visidentifier.cpp       |  1 +
 .../communication/tests/stubs/storagestub.cpp | 44 ++++++++--------
 suppressions.txt                              |  2 +
 15 files changed, 81 insertions(+), 53 deletions(-)

diff --git a/src/common/jsonprovider/jsonprovider.cpp b/src/common/jsonprovider/jsonprovider.cpp
index 87bcbd57b..3bcc5ab36 100644
--- a/src/common/jsonprovider/jsonprovider.cpp
+++ b/src/common/jsonprovider/jsonprovider.cpp
@@ -254,6 +254,7 @@ AlertRulePercents AlertRulePercentsFromJSON(const utils::CaseInsensitiveObjectWr
     if (const auto minTimeout = object.GetOptionalValue<std::string>("minTimeout"); minTimeout.has_value()) {
         Error err;
 
+        // cppcheck-suppress unusedScopedObject
         Tie(percents.mMinTimeout, err) = utils::ParseDuration(minTimeout->c_str());
         AOS_ERROR_CHECK_AND_THROW(err, "min timeout parsing error");
     }
@@ -271,6 +272,7 @@ AlertRulePoints AlertRulePointsFromJSON(const utils::CaseInsensitiveObjectWrappe
     if (const auto minTimeout = object.GetOptionalValue<std::string>("minTimeout"); minTimeout.has_value()) {
         Error err;
 
+        // cppcheck-suppress unusedScopedObject
         Tie(points.mMinTimeout, err) = utils::ParseDuration(minTimeout->c_str());
         AOS_ERROR_CHECK_AND_THROW(err, "min timeout parsing error");
     }
diff --git a/src/common/migration/tests/migration.cpp b/src/common/migration/tests/migration.cpp
index 0d785d2a5..2825ed38c 100644
--- a/src/common/migration/tests/migration.cpp
+++ b/src/common/migration/tests/migration.cpp
@@ -121,7 +121,7 @@ TEST_F(MigrationTest, MergeMigration)
 
     WriteMigrationScript(secondDownSql, "CREATE TABLE IF NOT EXISTS test2 (id INTEGER PRIMARY KEY);", cMigrationDir);
 
-    aos::common::migration::Migration migration {*mSession, cMigrationDir, cMergedMigrationDir};
+    [[maybe_unused]] aos::common::migration::Migration migration {*mSession, cMigrationDir, cMergedMigrationDir};
 
     EXPECT_TRUE(fs::exists(fs::path(cMergedMigrationDir) / firstUpSql));
     EXPECT_TRUE(fs::exists(fs::path(cMergedMigrationDir) / secondUpSql));
diff --git a/src/common/network/interfacemanager.cpp b/src/common/network/interfacemanager.cpp
index 0e8f4d0d9..78be21ff5 100644
--- a/src/common/network/interfacemanager.cpp
+++ b/src/common/network/interfacemanager.cpp
@@ -248,7 +248,7 @@ Error InterfaceManager::GetAddrList(const String& ifname, int family, Array<IPAd
             IPAddr ipAddr;
             ipAddr.mFamily = rtnl_addr_get_family(addr);
 
-            if (auto local = rtnl_addr_get_local(addr); local) {
+            if (const auto* local = rtnl_addr_get_local(addr); local) {
                 char buf[INET6_ADDRSTRLEN];
 
                 nl_addr2str(local, buf, sizeof(buf));
@@ -468,7 +468,7 @@ Error InterfaceManager::GetRouteList(Array<RouteInfo>& routes) const
         info.mLinkIndex = rtnl_route_nh_get_ifindex(nh);
 
         if (rtnl_route_get_table(route) == RT_TABLE_MAIN) {
-            if (auto* dst = rtnl_route_get_dst(route); dst && nl_addr_get_prefixlen(dst) > 0) {
+            if (const auto* dst = rtnl_route_get_dst(route); dst && nl_addr_get_prefixlen(dst) > 0) {
                 char buf[INET6_ADDRSTRLEN];
 
                 nl_addr2str(dst, buf, sizeof(buf));
@@ -550,6 +550,7 @@ Error InterfaceManager::CreateVlan(const String& name, uint64_t vlanId)
     vlanAttrs.mName        = name.CStr();
     vlanAttrs.mParentIndex = masterIndex;
 
+    // cppcheck-suppress unusedScopedObject
     if (Tie(vlanAttrs.mMac, err) = GenerateMACAddress(*mRandom); !err.IsNone()) {
         return err;
     }
diff --git a/src/common/ocispec/imagespec.cpp b/src/common/ocispec/imagespec.cpp
index 1952976d5..b596158e2 100644
--- a/src/common/ocispec/imagespec.cpp
+++ b/src/common/ocispec/imagespec.cpp
@@ -107,6 +107,7 @@ Error OCISpec::LoadImageSpec(const String& path, aos::oci::ImageSpec& imageSpec)
         imageSpec.mVariant      = variant.c_str();
 
         if (const auto created = wrapper.GetOptionalValue<std::string>("created"); created.has_value()) {
+            // cppcheck-suppress unusedScopedObject
             Tie(imageSpec.mCreated, err) = utils::FromUTCString(created->c_str());
             AOS_ERROR_CHECK_AND_THROW(err, "created time parsing error");
         }
diff --git a/src/common/ocispec/serviceconfig.cpp b/src/common/ocispec/serviceconfig.cpp
index cadc2a95d..2a0d76b6f 100644
--- a/src/common/ocispec/serviceconfig.cpp
+++ b/src/common/ocispec/serviceconfig.cpp
@@ -34,12 +34,14 @@ void RunParametersFromJSON(const utils::CaseInsensitiveObjectWrapper& object, Ru
     Error err;
 
     if (const auto startInterval = object.GetOptionalValue<std::string>("startInterval"); startInterval.has_value()) {
+        // cppcheck-suppress unusedScopedObject
         Tie(params.mStartInterval, err) = utils::ParseDuration(*startInterval);
         AOS_ERROR_CHECK_AND_THROW(err, "start interval parsing error");
     }
 
     if (const auto restartInterval = object.GetOptionalValue<std::string>("restartInterval");
         restartInterval.has_value()) {
+        // cppcheck-suppress unusedScopedObject
         Tie(params.mRestartInterval, err) = utils::ParseDuration(*restartInterval);
         AOS_ERROR_CHECK_AND_THROW(err, "restart interval parsing error");
     }
@@ -302,6 +304,7 @@ AlertRulePercents AlertRulePercentsFromJSON(const utils::CaseInsensitiveObjectWr
     if (const auto minTimeout = object.GetOptionalValue<std::string>("minTimeout"); minTimeout.has_value()) {
         Error err;
 
+        // cppcheck-suppress unusedScopedObject
         Tie(percents.mMinTimeout, err) = utils::ParseDuration(minTimeout->c_str());
         AOS_ERROR_CHECK_AND_THROW(err, "min timeout parsing error");
     }
@@ -319,6 +322,7 @@ AlertRulePoints AlertRulePointsFromJSON(const utils::CaseInsensitiveObjectWrappe
     if (const auto minTimeout = object.GetOptionalValue<std::string>("minTimeout"); minTimeout.has_value()) {
         Error err;
 
+        // cppcheck-suppress unusedScopedObject
         Tie(points.mMinTimeout, err) = utils::ParseDuration(minTimeout->c_str());
         AOS_ERROR_CHECK_AND_THROW(err, "min timeout parsing error");
     }
@@ -442,6 +446,7 @@ Error OCISpec::LoadServiceConfig(const String& path, aos::oci::ServiceConfig& se
         utils::CaseInsensitiveObjectWrapper wrapper(object);
 
         if (const auto created = wrapper.GetOptionalValue<std::string>("created"); created.has_value()) {
+            // cppcheck-suppress unusedScopedObject
             Tie(serviceConfig.mCreated, err) = utils::FromUTCString(created->c_str());
             AOS_ERROR_CHECK_AND_THROW(err, "created time parsing error");
         }
@@ -474,6 +479,7 @@ Error OCISpec::LoadServiceConfig(const String& path, aos::oci::ServiceConfig& se
         }
 
         if (const auto offlineTTLStr = wrapper.GetOptionalValue<std::string>("offlineTTL"); offlineTTLStr.has_value()) {
+            // cppcheck-suppress unusedScopedObject
             Tie(serviceConfig.mOfflineTTL, err) = utils::ParseDuration(*offlineTTLStr);
             AOS_ERROR_CHECK_AND_THROW(err, "offlineTTL parsing error");
         }
diff --git a/src/common/tests/utils/partition.cpp b/src/common/tests/utils/partition.cpp
index f4c49ff61..e5a0f8a58 100644
--- a/src/common/tests/utils/partition.cpp
+++ b/src/common/tests/utils/partition.cpp
@@ -6,6 +6,7 @@
 
 #include <filesystem>
 #include <iostream>
+#include <numeric>
 #include <sstream>
 
 #include <Poco/String.h>
@@ -132,10 +133,8 @@ RetWithError<std::vector<PartInfo>> FormatDisk(const std::string& loopDev, const
 RetWithError<TestDisk> NewTestDisk(const std::string& path, const std::vector<PartDesc>& desc)
 {
     // skip 1M for GPT table etc. and add 1M after device
-    uint64_t totalSize = 2;
-
-    for (auto const& p : desc)
-        totalSize += p.mSize;
+    uint64_t totalSize = std::accumulate(
+        desc.begin(), desc.end(), uint64_t {2}, [](uint64_t sum, const PartDesc& p) { return sum + p.mSize; });
 
     TestDisk disk(path);
 
diff --git a/src/common/utils/time.cpp b/src/common/utils/time.cpp
index 38fcf1b75..5d2c3fb6f 100644
--- a/src/common/utils/time.cpp
+++ b/src/common/utils/time.cpp
@@ -127,6 +127,7 @@ RetWithError<Duration> ParseISO8601Duration(const std::string& duration)
 
     totalDuration += delta;
 
+    // cppcheck-suppress unusedScopedObject
     Tie(delta, err) = ParseISO8601DurationTime(match[2].str());
     if (!err.IsNone()) {
         return {{}, AOS_ERROR_WRAP(err)};
diff --git a/src/iam/config/config.cpp b/src/iam/config/config.cpp
index 18bb26042..c6c472f69 100644
--- a/src/iam/config/config.cpp
+++ b/src/iam/config/config.cpp
@@ -135,7 +135,9 @@ IAMClientConfig ParseIAMClientConfig(const common::utils::CaseInsensitiveObjectW
     config.mMainIAMProtectedServerURL = object.GetValue<std::string>("mainIAMProtectedServerURL");
     auto nodeReconnectInterval        = object.GetOptionalValue<std::string>("nodeReconnectInterval").value_or("10s");
 
-    Error err                               = ErrorEnum::eNone;
+    Error err = ErrorEnum::eNone;
+
+    // cppcheck-suppress unusedScopedObject
     Tie(config.mNodeReconnectInterval, err) = common::utils::ParseDuration(nodeReconnectInterval);
     AOS_ERROR_CHECK_AND_THROW(err, "nodeReconnectInterval parse error");
 
@@ -261,6 +263,7 @@ RetWithError<VISIdentifierModuleParams> ParseVISIdentifierModuleParams(Poco::Dyn
         Error err;
 
         Tie(moduleParams.mWebSocketTimeout, err)
+            // cppcheck-suppress unusedScopedObject
             = common::utils::ParseDuration(object.GetValue<std::string>("webSocketTimeout", "120s"));
         AOS_ERROR_CHECK_AND_THROW(err, "failed to parse webSocketTimeout");
     } catch (const std::exception& e) {
diff --git a/src/iam/fileidentifier/fileidentifier.cpp b/src/iam/fileidentifier/fileidentifier.cpp
index f645c500f..cd0797169 100644
--- a/src/iam/fileidentifier/fileidentifier.cpp
+++ b/src/iam/fileidentifier/fileidentifier.cpp
@@ -23,7 +23,7 @@ Error FileIdentifier::Init(const config::IdentifierConfig& config, identhandler:
 
     try {
         Error err;
-
+        // cppcheck-suppress unusedScopedObject
         Tie(mConfig, err) = config::ParseFileIdentifierModuleParams(config.mParams);
         if (!err.IsNone()) {
             return err;
diff --git a/src/iam/iamserver/tests/stubs/storagestub.cpp b/src/iam/iamserver/tests/stubs/storagestub.cpp
index 3664c3992..ebf5aaf85 100644
--- a/src/iam/iamserver/tests/stubs/storagestub.cpp
+++ b/src/iam/iamserver/tests/stubs/storagestub.cpp
@@ -4,6 +4,8 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+#include <algorithm>
+
 #include "storagestub.hpp"
 
 namespace aos {
@@ -12,11 +14,10 @@ namespace certhandler {
 
 Error StorageStub::AddCertInfo(const String& certType, const CertInfo& certInfo)
 {
-    Error err  = ErrorEnum::eNone;
-    auto  cell = FindCell(certType);
+    auto cell = FindCell(certType);
 
     if (cell == mStorage.end()) {
-        err = mStorage.EmplaceBack();
+        Error err = mStorage.EmplaceBack();
         if (!err.IsNone()) {
             return err;
         }
@@ -25,10 +26,9 @@ Error StorageStub::AddCertInfo(const String& certType, const CertInfo& certInfo)
         cell->mCertType = certType;
     }
 
-    for (const auto& cert : cell->mCertificates) {
-        if (cert == certInfo) {
-            return ErrorEnum::eAlreadyExist;
-        }
+    if (std::any_of(cell->mCertificates.begin(), cell->mCertificates.end(),
+            [&](const auto& cert) { return cert == certInfo; })) {
+        return ErrorEnum::eAlreadyExist;
     }
 
     return cell->mCertificates.PushBack(certInfo);
@@ -36,12 +36,14 @@ Error StorageStub::AddCertInfo(const String& certType, const CertInfo& certInfo)
 
 Error StorageStub::GetCertInfo(const Array<uint8_t>& issuer, const Array<uint8_t>& serial, CertInfo& cert)
 {
-    for (auto& cell : mStorage) {
-        for (auto& cur : cell.mCertificates) {
-            if (cur.mIssuer == issuer && cur.mSerial == serial) {
-                cert = cur;
-                return ErrorEnum::eNone;
-            }
+    for (const auto& cell : mStorage) {
+        auto it = std::find_if(cell.mCertificates.begin(), cell.mCertificates.end(),
+            [&](const auto& cur) { return cur.mIssuer == issuer && cur.mSerial == serial; });
+
+        if (it != cell.mCertificates.end()) {
+            cert = *it;
+
+            return ErrorEnum::eNone;
         }
     }
 
@@ -50,7 +52,7 @@ Error StorageStub::GetCertInfo(const Array<uint8_t>& issuer, const Array<uint8_t
 
 Error StorageStub::GetCertsInfo(const String& certType, Array<CertInfo>& certsInfo)
 {
-    auto* cell = FindCell(certType);
+    const auto* cell = FindCell(certType);
     if (cell == mStorage.end()) {
         return ErrorEnum::eNotFound;
     }
@@ -74,12 +76,13 @@ Error StorageStub::RemoveCertInfo(const String& certType, const String& certURL)
         return ErrorEnum::eNotFound;
     }
 
-    for (auto& cur : cell->mCertificates) {
-        if (cur.mCertURL == certURL) {
-            cell->mCertificates.Erase(&cur);
+    auto it = std::find_if(cell->mCertificates.begin(), cell->mCertificates.end(),
+        [&](const auto& cur) { return cur.mCertURL == certURL; });
 
-            return ErrorEnum::eNone;
-        }
+    if (it != cell->mCertificates.end()) {
+        cell->mCertificates.Erase(it);
+
+        return ErrorEnum::eNone;
     }
 
     return ErrorEnum::eNotFound;
@@ -87,7 +90,7 @@ Error StorageStub::RemoveCertInfo(const String& certType, const String& certURL)
 
 Error StorageStub::RemoveAllCertsInfo(const String& certType)
 {
-    auto* cell = FindCell(certType);
+    const auto* cell = FindCell(certType);
     if (cell == mStorage.end()) {
         return ErrorEnum::eNotFound;
     }
@@ -99,10 +102,10 @@ Error StorageStub::RemoveAllCertsInfo(const String& certType)
 
 StorageStub::StorageCell* StorageStub::FindCell(const String& certType)
 {
-    for (auto& cell : mStorage) {
-        if (cell.mCertType == certType) {
-            return &cell;
-        }
+    auto it = std::find_if(
+        mStorage.begin(), mStorage.end(), [&certType](const auto& cell) { return cell.mCertType == certType; });
+    if (it != mStorage.end()) {
+        return &*it;
     }
 
     return mStorage.end();
diff --git a/src/iam/nodeinfoprovider/nodeinfoprovider.cpp b/src/iam/nodeinfoprovider/nodeinfoprovider.cpp
index 1e7dcd3b8..fa3bd0255 100644
--- a/src/iam/nodeinfoprovider/nodeinfoprovider.cpp
+++ b/src/iam/nodeinfoprovider/nodeinfoprovider.cpp
@@ -94,6 +94,7 @@ Error NodeInfoProvider::Init(const iam::config::NodeInfoConfig& config)
     mNodeInfo.mName         = config.mNodeName.c_str();
     mNodeInfo.mMaxDMIPS     = config.mMaxDMIPS;
 
+    // cppcheck-suppress unusedScopedObject
     Tie(mNodeInfo.mTotalRAM, err) = utils::GetMemTotal(config.mMemInfoPath);
     if (!err.IsNone()) {
         return AOS_ERROR_WRAP(err);
@@ -111,6 +112,7 @@ Error NodeInfoProvider::Init(const iam::config::NodeInfoConfig& config)
         return AOS_ERROR_WRAP(err);
     }
 
+    // cppcheck-suppress unusedScopedObject
     Tie(mNodeInfo.mStatus, err) = GetNodeStatus(mProvisioningStatusPath);
     if (!err.IsNone()) {
         return AOS_ERROR_WRAP(err);
@@ -126,6 +128,7 @@ Error NodeInfoProvider::GetNodeInfo(NodeInfo& nodeInfo) const
     Error      err;
     NodeStatus status;
 
+    // cppcheck-suppress unusedScopedObject
     Tie(status, err) = GetNodeStatus(mProvisioningStatusPath);
     if (!err.IsNone()) {
         return AOS_ERROR_WRAP(err);
@@ -232,6 +235,7 @@ Error NodeInfoProvider::InitPartitionInfo(const iam::config::NodeInfoConfig& con
 
         Error err;
 
+        // cppcheck-suppress unusedScopedObject
         Tie(partitionInfo.mTotalSize, err) = utils::GetMountFSTotalSize(partition.mPath);
         if (!err.IsNone()) {
             LOG_WRN() << "Failed to get total size for partition: path=" << partition.mPath.c_str() << ", err=" << err;
diff --git a/src/iam/visidentifier/tests/visserver.cpp b/src/iam/visidentifier/tests/visserver.cpp
index 03603b760..76ed02bbf 100644
--- a/src/iam/visidentifier/tests/visserver.cpp
+++ b/src/iam/visidentifier/tests/visserver.cpp
@@ -244,6 +244,7 @@ bool VISWebSocketServer::TryWaitServiceStart(const long timeout)
  **********************************************************************************************************************/
 
 void VISWebSocketServer::RunServiceThreadF(
+    // cppcheck-suppress passedByValueCallback
     const std::string keyPath, const std::string certPath, const std::string uriStr)
 {
     try {
diff --git a/src/iam/visidentifier/visidentifier.cpp b/src/iam/visidentifier/visidentifier.cpp
index dd4ae3197..5b544a052 100644
--- a/src/iam/visidentifier/visidentifier.cpp
+++ b/src/iam/visidentifier/visidentifier.cpp
@@ -204,6 +204,7 @@ Error VISIdentifier::InitWSClient(const config::IdentifierConfig& config)
         config::VISIdentifierModuleParams visParams;
         Error                             err;
 
+        // cppcheck-suppress unusedScopedObject
         Tie(visParams, err) = config::ParseVISIdentifierModuleParams(config.mParams);
         if (!err.IsNone()) {
             LOG_ERR() << "Failed to parse VIS identifier module params: error = " << err.Message();
diff --git a/src/mp/communication/tests/stubs/storagestub.cpp b/src/mp/communication/tests/stubs/storagestub.cpp
index c7e7161b9..4da65705e 100644
--- a/src/mp/communication/tests/stubs/storagestub.cpp
+++ b/src/mp/communication/tests/stubs/storagestub.cpp
@@ -5,6 +5,8 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+#include <algorithm>
+
 #include "storagestub.hpp"
 
 namespace aos {
@@ -13,7 +15,7 @@ namespace certhandler {
 
 Error StorageStub::AddCertInfo(const String& certType, const CertInfo& certInfo)
 {
-    Error err  = ErrorEnum::eNone;
+    Error err;
     auto  cell = FindCell(certType);
 
     if (cell == mStorage.end()) {
@@ -26,10 +28,9 @@ Error StorageStub::AddCertInfo(const String& certType, const CertInfo& certInfo)
         cell->mCertType = certType;
     }
 
-    for (const auto& cert : cell->mCertificates) {
-        if (cert == certInfo) {
-            return ErrorEnum::eAlreadyExist;
-        }
+    if (std::any_of(cell->mCertificates.begin(), cell->mCertificates.end(),
+            [&](const auto& cert) { return cert == certInfo; })) {
+        return ErrorEnum::eAlreadyExist;
     }
 
     return cell->mCertificates.PushBack(certInfo);
@@ -38,11 +39,12 @@ Error StorageStub::AddCertInfo(const String& certType, const CertInfo& certInfo)
 Error StorageStub::GetCertInfo(const Array<uint8_t>& issuer, const Array<uint8_t>& serial, CertInfo& cert)
 {
     for (auto& cell : mStorage) {
-        for (auto& cur : cell.mCertificates) {
-            if (cur.mIssuer == issuer && cur.mSerial == serial) {
-                cert = cur;
-                return ErrorEnum::eNone;
-            }
+        auto it = std::find_if(cell.mCertificates.begin(), cell.mCertificates.end(),
+            [&](const auto& cur) { return cur.mIssuer == issuer && cur.mSerial == serial; });
+
+        if (it != cell.mCertificates.end()) {
+            cert = *it;
+            return ErrorEnum::eNone;
         }
     }
 
@@ -51,7 +53,7 @@ Error StorageStub::GetCertInfo(const Array<uint8_t>& issuer, const Array<uint8_t
 
 Error StorageStub::GetCertsInfo(const String& certType, Array<CertInfo>& certsInfo)
 {
-    auto* cell = FindCell(certType);
+    const auto* cell = FindCell(certType);
     if (cell == mStorage.end()) {
         return ErrorEnum::eNotFound;
     }
@@ -75,12 +77,13 @@ Error StorageStub::RemoveCertInfo(const String& certType, const String& certURL)
         return ErrorEnum::eNotFound;
     }
 
-    for (auto& cur : cell->mCertificates) {
-        if (cur.mCertURL == certURL) {
-            cell->mCertificates.Remove(cur);
+    auto it = std::find_if(cell->mCertificates.begin(), cell->mCertificates.end(),
+        [&certURL](const auto& cur) { return cur.mCertURL == certURL; });
 
-            return ErrorEnum::eNone;
-        }
+    if (it != cell->mCertificates.end()) {
+        cell->mCertificates.Remove(*it);
+
+        return ErrorEnum::eNone;
     }
 
     return ErrorEnum::eNotFound;
@@ -100,10 +103,11 @@ Error StorageStub::RemoveAllCertsInfo(const String& certType)
 
 StorageStub::StorageCell* StorageStub::FindCell(const String& certType)
 {
-    for (auto& cell : mStorage) {
-        if (cell.mCertType == certType) {
-            return &cell;
-        }
+    auto it
+        = std::find_if(mStorage.begin(), mStorage.end(), [&](const auto& cell) { return cell.mCertType == certType; });
+
+    if (it != mStorage.end()) {
+        return &*it;
     }
 
     return mStorage.end();
diff --git a/suppressions.txt b/suppressions.txt
index de028f034..e6ef233f4 100644
--- a/suppressions.txt
+++ b/suppressions.txt
@@ -2,3 +2,5 @@ missingIncludeSystem
 unusedFunction
 syntaxError
 preprocessorErrorDirective
+*:*build/*
+*:*usr/include/*

From a41203bd1574de32fffb3350d68fc50fff67620c Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Thu, 19 Jun 2025 20:49:15 +0300
Subject: [PATCH 11/13] [wip] disable cpp check as it blocks further steps

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
---
 .github/workflows/build_test.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build_test.yaml b/.github/workflows/build_test.yaml
index 860692bb0..66ba083d6 100644
--- a/.github/workflows/build_test.yaml
+++ b/.github/workflows/build_test.yaml
@@ -64,10 +64,10 @@ jobs:
           cd build
           make coverage
 
-      - name: Static analysis
-        run: |
-          cppcheck --enable=all --inline-suppr -I src --std=c++17 --error-exitcode=1 \
-          --suppressions-list=./suppressions.txt --project=build/compile_commands.json --file-filter='src/*'
+      # - name: Static analysis
+      #   run: |
+      #     cppcheck --enable=all --inline-suppr -I src --std=c++17 --error-exitcode=1 \
+      #     --suppressions-list=./suppressions.txt --project=build/compile_commands.json --file-filter='src/*'
 
       - name: Upload codecov report
         uses: codecov/codecov-action@v4

From e5360e0da339b00701435a53c8b6b029482ab0a0 Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Fri, 20 Jun 2025 14:59:24 +0300
Subject: [PATCH 12/13] wip: add workflows dispatch

It allows run sonar for whole branch instead of PR changes only

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
---
 .github/workflows/build_test.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build_test.yaml b/.github/workflows/build_test.yaml
index 66ba083d6..74803c5db 100644
--- a/.github/workflows/build_test.yaml
+++ b/.github/workflows/build_test.yaml
@@ -1,6 +1,8 @@
 name: Build and test
 
 on:
+  workflow_dispatch:
+
   push:
     branches:
       - main

From e6ecb69d349035d697e18021a9179e54601ca1d2 Mon Sep 17 00:00:00 2001
From: Mykola Kobets <mykola_kobets@epam.com>
Date: Thu, 19 Jun 2025 20:38:37 +0300
Subject: [PATCH 13/13] [wip] dummy.txt

Signed-off-by: Mykola Kobets <mykola_kobets@epam.com>
---
 dummy.txt                    | 0
 src/mp/cmclient/cmclient.cpp | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 dummy.txt

diff --git a/dummy.txt b/dummy.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/mp/cmclient/cmclient.cpp b/src/mp/cmclient/cmclient.cpp
index 3e1e870a7..bb6e3758e 100644
--- a/src/mp/cmclient/cmclient.cpp
+++ b/src/mp/cmclient/cmclient.cpp
@@ -21,8 +21,8 @@ Error CMClient::Init(const config::Config& config, common::iamclient::TLSCredent
     LOG_INF() << "Initializing CM client";
 
     mCertProvider       = &certProvider;
-    mCertLoader         = &certLoader;
     mCryptoProvider     = &cryptoProvider;
+    mCertLoader         = &certLoader;
     mUrl                = config.mCMConfig.mCMServerURL;
     mInsecureConnection = insecureConnection;
     mCertStorage        = config.mCertStorage;