Request for Guidance on Static Analysis Best Practices and Integration in Unreal Projects

Hi Epic Team,

I’m currently exploring options for integrating static code analysis into our Unreal Engine projects. As part of this effort, we’re aiming to align as closely as possible with Epic’s recommended practices, both to reduce friction with future engine updates and to ensure compatibility across our internal shared tech stack.

I’ve reviewed the Unreal Engine documentation on static analysis, which lists Clang, VisualCpp/MSVC, and PVS-Studio as supported tools.

I’d greatly appreciate any additional insights you can provide on how Epic internally approaches static analysis, particularly around the following topics:

  1. Tooling Choice & Rationale
    1. Which of the listed static analyzers (Clang, MSVC, PVS-Studio) does Epic use internally?
    2. What were the deciding factors in choosing those tools (e.g., signal-to-noise ratio, performance, integration ease, licensing, etc.)?
  2. Pipeline Integration
    1. How is static analysis integrated into Epic’s development workflows?
      1. Is it part of nightly or continuous integration pipelines?
      2. Do you automatically create Jira (or equivalent) issues for new findings?
      3. Are static analysis jobs executed through Horde, or a separate system?
  3. Pre-submit / Developer Experience
    1. Do you internally support pre-submit checks that developers can run locally to catch issues before committing code?
    2. If so, how do you ensure these checks are fast and targeted (e.g., only on modified files)?
  4. Managing Technical Debt
    1. For large or legacy codebases, do you have recommendations for managing existing findings (e.g., suppressing known issues, focusing only on diffs, etc.) to avoid overwhelming developers?

Our goal is to build a robust and scalable static analysis setup that can be integrated into our central tech pipeline, ultimately supporting multiple Unreal-based projects. We’d love to build something that aligns with Epic’s direction to minimize divergence and reduce integration pain over time.

Thanks in advance for your time and support. We really appreciate any guidance or recommendations you can share.

Steps to Reproduce
Not Applicable.

+1 for some insight, Thanks

Hi,

Q: Which of the listed static analyzers (Clang, MSVC, PVS-Studio) does Epic use internally?

A: We run all three depending on the target platform. So we do have good coverage.

Q: What were the deciding factors in choosing those tools (e.g., signal-to-noise ratio, performance, integration ease, licensing, etc.)?

A: Platforms and support. If the platform supports it, we usually run it.

Q: How is static analysis integrated into Epic’s development workflows?

A: We run it nightly. I’m asking QA how the errors end up in JIRA (because they do) but I don’t know if this is manual or not. I’ll reply once I have this info. The static analysis builds are made on Horde.

Q: Do you internally support pre-submit checks that developers can run locally to catch issues before committing code?

A: Yes, developers can run a static analysis as part of a Horde pre-submit test (or run it manually on their machine). There is an option to do an ‘incremental’ build, but for static analysis, I’m not sure if that works.

Q: For large or legacy codebases, do you have recommendations for managing existing findings (e.g., suppressing known issues, focusing only on diffs, etc.) to avoid overwhelming developers?

A: You could probably dedicate one or two people to incrementally fix those static analysis errors and ask developers to manually run on their own file before submitting to fix those ‘modified files’. I have the following command line in my notes. You can disable all errors and track which files need to be fixed and enable a daily job to run and then gradually fix the files over time by re-enabling the analysis.

C:\windows\system32\cmd.exe /d/s/c " D:\UE5\Engine\Build\BatchFiles\RunUBT.bat UnrealEditor Win64 development -StaticAnalyzer=visualcpp win64 -Progress -AllModules -SingleFile=d:\ue5\Engine\Plugins\Experimental\PythonScriptPlugin\Source\PythonScriptPlugin\Private\PyEngine.cpp -NoPCH -NoXGE -NoLog <nul"

Regards,

Patrick
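
The workflow described in the answer above (analyze only modified files, keep a list of files whose findings are still deferred), sketched as an added example that is not part of the thread or Epic's tooling. The flags and the RunUBT.bat path are taken from the quoted command line; the function name, the deferred-file baseline, the `.cpp`-only filter and the sample paths are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Path and flags as they appear in the command line quoted in the thread.
RUN_UBT = r"D:\UE5\Engine\Build\BatchFiles\RunUBT.bat"
BASE_ARGS = ["UnrealEditor", "Win64", "development", "-StaticAnalyzer=visualcpp",
             "-Progress", "-AllModules", "-NoPCH", "-NoXGE", "-NoLog"]
# Assumption: only translation units are handed to -SingleFile.
SOURCE_SUFFIXES = {".cpp"}

# Constructed sample input: files touched by a change, and the debt baseline.
CHANGED = [
    r"d:\ue5\Game\Source\Game\Private\Inventory.cpp",
    r"D:\UE5\Game\Source\Game\Private\inventory.cpp",   # same file, other case
    r"d:\ue5\Game\Source\Game\Public\Inventory.h",
    r"d:\ue5\Game\Source\Game\Private\LegacySave.cpp",
    r"d:\ue5\Game\Content\Maps\Main.umap",
]
BASELINE = ["D:/UE5/Game/Source/Game/Private/LegacySave.cpp"]


def plan_analysis(changed_files, baseline):
    """Return (commands, touched_debt) for a set of modified files.

    commands: one UBT argument list per modified .cpp file that is analyzed.
    touched_debt: modified files still on the deferred baseline, reported so
    someone can decide whether to fix them and re-enable analysis.
    """
    # PureWindowsPath compares case-insensitively and accepts / or \.
    deferred = {PureWindowsPath(p) for p in baseline}
    seen, commands, touched_debt = set(), [], []
    for raw in changed_files:
        path = PureWindowsPath(raw.strip())
        if path.suffix.lower() not in SOURCE_SUFFIXES or path in seen:
            continue
        seen.add(path)
        if path in deferred:
            touched_debt.append(str(path))
            continue
        commands.append([RUN_UBT, *BASE_ARGS, f"-SingleFile={path}"])
    return commands, touched_debt


if __name__ == "__main__":
    cmds, debt = plan_analysis(CHANGED, BASELINE)
    for cmd in cmds:
        print(" ".join(cmd))
    for path in debt:
        print("deferred (baseline):", path)
```
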

Yes, sorry, I was told QA were manually creating issues by reviewing the build every morning.

Regards,

Patrick

Hey Patrick,

Thanks for the detailed response, this is very helpful.

Did you end up hearing back from QA about if the jiras are created as part of the automated process or manually?

Best

Michael