19-layer extreme audit scanner. Targeting ANSSI/IGI-1300, Common Criteria EAL4+, DO-178C, and ISO 26262 compliance. Zero tolerance policy.
HDDS audit targets the most demanding certification standards in defense, aerospace, and automotive industries.
French Military Certification
EAL4+ Security Level
Avionics Level B
ASIL-D Automotive
2008 Guidelines
RTPS v2.5 Spec
Every commit passes through our extreme audit scanner. Zero tolerance for critical and high severity issues.
No TODO, FIXME, HACK, XXX, unimplemented!(), dbg!() in production code
Detect dangerous casts (as u8/u16/u32), transmute() forbidden
Every unsafe block requires SAFETY justification comment (ANSSI/IGI-1300)
McCabe cyclomatic ≤10, cognitive complexity ≤15, function ≤100 lines
No panic!() or .unwrap() in production - use expect() or ? operator
Detect Box::leak, mem::forget, ManuallyDrop, static mut
cargo-audit for CVEs, outdated deps check, dependency count monitoring
ALL lints enabled: pedantic, nursery, cargo + indexing_slicing, empty_drop
All public items documented, unsafe fn requires # Safety section
Mutex poison handling, no global mutable state, thread join verification
License headers, GPL contamination check
collect().len() → count(), no String allocation in loops
Endianness handling, CDR2 alignment, #[repr(C)] on wire structs
Minimum 90% coverage target, test function count monitoring
cargo-geiger unsafe code budget monitoring across all dependencies
Detect '_ = expr;' patterns that ignore errors or results
cargo-udeps to detect unused crates in Cargo.toml
Scan for hardcoded passwords, API keys, tokens in source
jscpd token-based analysis, max 7% duplication threshold
| Metric | Threshold | HDDS Current | Status |
|---|---|---|---|
| Cyclomatic Complexity | ≤ 10 | ~8 | PASS |
| Cognitive Complexity | ≤ 15 | ~12 | PASS |
| Function Length | ≤ 100 lines | ~60 | PASS |
| File Length | ≤ 800 lines | ~500 | PASS |
| Unsafe Blocks | ≤ 250 | ~13 | EXCELLENT |
| Test Coverage | ≥ 90% | ~85% | GOOD |
| Code Duplication | ≤ 7% | ~5% | PASS |
| Critical Violations | 0 | 0 | PASS |
| High Violations | 0 | 0 | PASS |
Memory-safe and thread-safe validated by Valgrind + LLVM sanitizers (ASan, TSan, MSan)
cargo-fuzz (libFuzzer) - 6 fuzz targets, 0 crashes. Continuous fuzzing on all protocol parsers.
42 binary reference vectors published for spec compliance verification. No other DDS vendor does this.
bool, char8, Option<T>, [T; N], BTreeMap<K,V> — all XCDR2 spec types covered, not just the easy ones.
```
// primitive_u32 golden vector (XCDR2 LE)
00000000  00 0a 00 00 2a 00 00 00  |....*...|
// encap hdr u32 = 42 (little-endian)
```
Cross-vendor RTPS/DDS compliance tested and published with full spec references. Complete transparency — including our own divergences.
Every intentional spec divergence is documented with ID, justification, and tracking issue. Full transparency.
FNV-1a member ID hashing (AUDIT-001 fix), @non_serialized support, @nested compliance — audited against OMG IDL 4.2 spec.
| Feature | HDDS | FastDDS | RTI | CycloneDDS |
|---|---|---|---|---|
| SPDP Discovery | PASS (tested) | PASS (tested) | PASS (tested) | PASS (tested) |
| CDR2 Serialization | PASS (tested) | PASS (tested) | PASS (tested) | PASS (tested) |
| 96 QoS Combinations | PASS (tested) | PASS (tested) | PASS (tested) | PASS (tested) |
| DATA_FRAG Submessage | PASS (tested) | PASS (tested) | PASS (tested) | N/A (untested) |
Signed SBOM with complete dependency transparency. Every component documented, verified, and traceable.
```
76cbf52c...4716bd8  hdds-1.0.8.cdx.json
7e7064a9...d31a4bc  hdds-1.0.8.cdx.xml
```
Legitimate exceptions can be marked with documented justification. Every suppression is counted and tracked.
```rust
// @audit-ok: intentional dialect-specific implementation
// Required for RTI Connext 6.x compatibility (non-standard GUID encoding)
let magic = 0xDEADBEEF;

// @audit-ok: FNV-1a algorithm constants (well-known, verified)
const FNV_OFFSET: u64 = 0x811c9dc5;
const FNV_PRIME: u64 = 0x01000193;
```
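The following added example (not code from the HDDS scanner) shows one way to combine two of the rules above: every `unsafe` block needs a SAFETY comment, and an `@audit-ok` marker suppresses a finding but is counted. The marker placement rule, the function names `audit_unsafe` and `write_sample`, and the sample Rust input are assumptions made for illustration.

```shell
# Added example, not the HDDS scanner. Assumed rule: a "// SAFETY:" or "// @audit-ok:"
# marker counts on the unsafe line itself or in the comment lines directly above it.
audit_unsafe() {
  awk '
    /^[ \t]*\/\// {            # comment-only line: keep markers for the next code line
      if ($0 ~ /SAFETY:/)    safety = 1
      if ($0 ~ /@audit-ok:/) okmark = 1
      next
    }
    {
      code = $0
      if (code ~ /\/\/.*SAFETY:/)    safety = 1   # trailing comment on the same line
      if (code ~ /\/\/.*@audit-ok:/) okmark = 1
      sub(/\/\/.*/, "", code)                     # ignore the word unsafe inside comments
      if (code ~ /(^|[^A-Za-z0-9_])unsafe[ \t]*[{]/ && !safety) {
        if (okmark) suppressed++                  # exception accepted, but counted
        else { violations++; printf "%s:%d: unsafe block without SAFETY comment\n", FILENAME, NR }
      }
      safety = 0; okmark = 0                      # markers apply to one code line only
    }
    END {
      printf "violations=%d suppressed=%d\n", violations, suppressed
      exit (violations > 0)                       # non-zero status fails the gate
    }
  ' "$1"
}

# Constructed sample input (not HDDS source).
write_sample() {
  cat > "$1" <<'EOF'
fn read(p: *const u8) -> u8 {
    // SAFETY: caller guarantees p is valid for reads
    unsafe { *p }
}
fn raw(p: *const u8) -> u8 {
    unsafe { *p }
}
fn dialect(p: *const u8) -> u8 {
    // @audit-ok: vendor interop path, reviewed
    unsafe { *p }
}
// the word unsafe { in a comment is ignored
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_unsafe "$sample" || echo "gate: FAIL"
rm -f "$sample"
```

The check is line-based, so `unsafe {` inside a string literal or a block comment would still be flagged; a scanner that needs to avoid that has to parse the source.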
Single-file audit runs before every commit. Blocks commits with critical issues.
Full 19-layer audit on every pull request. No merge with critical/high violations.
Comprehensive audit reports generated nightly with trend analysis.
Our extreme audit scanner is open source. 1,685 lines of bash enforcing industrial-grade quality.
“Ready for deployment in nuclear submarines”
— extrem-audit-scan.sh exit message on perfect score