[Rpm-maint] [rpm-software-management/rpm] RFE: run static code analysis in CI (#306)

Jeff Johnson notifications at github.com
Thu Sep 14 07:20:33 UTC 2017


OK.

I'll create an RPM.ORG project at scan.coverity.com and import the code to assess the level of pain (and there _WILL_ be pain: it took me several weeks of mind-numbing clickety poo to get the level of reported positives from the Coverity firehose down to something that was useful for rpm maintenance.)

clang is okay (try splint sometime ;-). OTOH coverity reuses older analyses to improve their product.
 
So even with no new scans, there are sometimes new problems reported. Quirky, but the process is at least transparent, unlike fuzzing.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/306#issuecomment-329396076