C/C++ Project Guardrails
Enforce C/C++ project standards including build system presence, minimum C++ standard version, cppcheck compliance, and compiler/CMake version requirements in CI/CD environments.
cpp to your lunar-config.yml:uses: github://earthly/lunar-lib/policies/cpp@v1.0.5
Included Guardrails
This policy includes 5 guardrails that enforce standards for your devex build and ci.
build-system-exists
Ensures at least one build system (CMake, Make, Meson, Autotools, Bazel) is detected. Unlike Go or Rust where the toolchain is the build system, C/C++ projects require an explicit build system to be compilable.
min-cpp-standard
Ensures the project uses at least the minimum required C++ standard. Modern standards (C++17+) provide safer constructs, better type safety, and deprecate dangerous legacy features.
cppcheck-clean
Ensures cppcheck reports no errors and fewer warnings than the configured threshold. cppcheck catches undefined behavior, memory leaks, and other common C/C++ mistakes.
min-compiler-version-cicd
Ensures the C/C++ compiler version (gcc or clang) used in CI/CD meets the minimum required version. Newer compilers provide better diagnostics, optimization, and standard compliance.
min-cmake-version-cicd
Ensures the CMake version used in CI/CD meets the minimum required version. Modern CMake features (targets, presets, dependency management) require recent versions.
How Guardrails Fit into Lunar
Lunar guardrails define your engineering standards as code. They evaluate data collected by integrations and produce pass/fail checks with actionable feedback.
Policies support gradual enforcement—from silent scoring to blocking PRs or deployments—letting you roll out standards at your own pace without disrupting existing workflows.
Learn How Lunar Works →Required Integrations
This policy evaluates data gathered by one or more of the following integration(s).
Make sure to enable them in your lunar-config.yml.
Configuration
Configure this policy in your lunar-config.yml.
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
min_cpp_standard
|
Optional |
17
|
Minimum required C++ standard (e.g., "17", "20", "23") |
max_cppcheck_warnings
|
Optional |
0
|
Maximum allowed cppcheck warnings (0 = must be clean) |
min_compiler_version
|
Optional |
12.0.0
|
Minimum required compiler version for CI/CD (e.g., "12.0.0" for gcc, "15.0.0" for clang) |
min_cmake_version
|
Optional |
3.20.0
|
Minimum required CMake version for CI/CD (e.g., "3.20.0") |
Documentation
View on GitHubC/C++ Project Guardrails
Enforces C/C++ project structure, build standards, and code quality.
Overview
This policy validates C/C++ projects against best practices for build system configuration, language standard compliance, static analysis, and CI/CD toolchain versions. It ensures projects have a proper build system, use modern C++ standards, pass cppcheck analysis, and maintain up-to-date compilers in CI.
Policies
This plugin provides the following policies (use include to select a subset):
| Policy | Description | Failure Meaning |
|---|---|---|
build-system-exists |
Validates a build system is present | No CMake, Make, Meson, or other build system found |
min-cpp-standard |
Ensures minimum C++ standard | C++ standard too old (e.g., C++11 when C++17 required) |
cppcheck-clean |
Ensures cppcheck warnings within threshold | Too many cppcheck warnings |
min-compiler-version-cicd |
Ensures minimum compiler version in CI | CI gcc/clang version too old |
min-cmake-version-cicd |
Ensures minimum CMake version in CI | CI CMake version too old |
Required Data
This policy reads from the following Component JSON paths:
| Path | Type | Provided By |
|---|---|---|
.lang.cpp |
object | cpp collector |
.lang.cpp.build_systems |
array | cpp collector |
.lang.cpp.cpp_standard |
string | cpp collector |
.lang.cpp.lint.warnings |
array | cpp collector |
.lang.cpp.native.cppcheck |
object | cpp collector |
.lang.cpp.cicd.cmds |
array | cpp collector |
Installation
Add to your lunar-config.yml:
policies:
- uses: github://earthly/lunar-lib/policies/cpp@main
on: ["domain:your-domain"] # replace with your own domain or tags
enforcement: report-pr
# include: [build-system-exists, min-cpp-standard] # Only run specific checks
with:
min_cpp_standard: "17" # Minimum C++ standard (default: "17")
max_cppcheck_warnings: "0" # Maximum cppcheck warnings (default: "0")
min_compiler_version: "12.0.0" # Minimum gcc/clang version in CI (default: "12.0.0")
min_cmake_version: "3.20.0" # Minimum CMake version in CI (default: "3.20.0")
Examples
Passing Example
{
"lang": {
"cpp": {
"build_systems": ["cmake"],
"cmake_exists": true,
"cpp_standard": "20",
"lint": {
"warnings": []
},
"native": {
"cppcheck": {
"passed": true,
"error_count": 0,
"warning_count": 0
}
},
"cicd": {
"cmds": [
{ "cmd": "g++ -std=c++20 -O2 main.cpp", "version": "13.2.0" },
{ "cmd": "cmake --build .", "version": "3.28.0" }
]
}
}
}
}
Failing Example
{
"lang": {
"cpp": {
"build_systems": [],
"cpp_standard": "11",
"lint": {
"warnings": [
{ "file": "src/main.cpp", "line": 42, "severity": "warning", "message": "Variable 'x' is not initialized", "id": "uninitvar" }
]
},
"cicd": {
"cmds": [
{ "cmd": "g++ main.cpp", "version": "9.4.0" },
{ "cmd": "cmake --build .", "version": "3.16.0" }
]
}
}
}
}
Failure messages:
"No build system detected. C/C++ projects need CMake, Make, Meson, or another build system.""C++ standard 11 is below minimum 17. Update CMAKE_CXX_STANDARD or compiler flags to use C++17 or later.""1 cppcheck warning(s) found, maximum allowed is 0. Run 'cppcheck' and fix all warnings.""Compiler version 9.4.0 is below minimum 12.0.0. Update gcc/clang in your CI environment.""CMake version 3.16.0 is below minimum 3.20.0. Update CMake in your CI environment."
Remediation
build-system-exists
- Add a
CMakeLists.txtfor CMake-based builds (recommended) - Or add a
Makefilefor Make-based builds - Or add
meson.buildfor Meson-based builds
min-cpp-standard
- In CMakeLists.txt:
set(CMAKE_CXX_STANDARD 17)orset(CMAKE_CXX_STANDARD 20) - Or add compiler flags:
-std=c++17or-std=c++20 - Test thoroughly after upgrading — newer standards may deprecate features
cppcheck-clean
- Run
cppcheck --enable=all .to see all warnings - Fix the reported issues (uninitialized variables, memory leaks, etc.)
- For false positives, use
// cppcheck-suppress <id>inline comments - If more warnings are acceptable, increase
max_cppcheck_warningsthreshold
min-compiler-version-cicd
- Update your CI/CD pipeline to use a newer gcc or clang
- For GitHub Actions: update the compiler installation step
- Newer compilers provide better diagnostics and C++ standard support
min-cmake-version-cicd
- Update CMake in your CI/CD pipeline
- For GitHub Actions: use
lukka/get-cmakeor update the apt package - Modern CMake (3.20+) supports presets, better dependency management, and improved target handling
Open Source
This policy is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.
Common Use Cases
Explore how individual guardrails work with specific integrations.
Ready to Automate Your Standards?
See how Lunar can turn your AGENTS.md, engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.