I have used Coverity in the past for commercial projects with very good success. I did a quick google search and looks like Coverity has a program for open source software quality which can potentially leveraged for CloudStack. Here is the link http://scan.coverity.com/getting-started.html
-----Original Message----- From: John Kinsella [mailto:j...@stratosec.co] Sent: Tuesday, November 20, 2012 11:12 AM To: cloudstack-dev@incubator.apache.org Subject: Re: Static Analysis Tools Additionally I (and others) run ACS through Fortify Source Code Analyzer. Personally I think findbugs is a bit of a toy, but anything helps... John On Nov 20, 2012, at 10:44 AM, David Nalley <da...@gnsa.us> wrote: > On Tue, Nov 20, 2012 at 1:36 PM, Animesh Chaturvedi > <animesh.chaturv...@citrix.com> wrote: >> >> Folks >> >> I want to get your opinion on using static analysis tools like PMD >> for CloudStack to catch some of the bugs early on. Maven has a plugin >> for PMD http://maven.apache.org/plugins/maven-pmd-plugin/ >> >> Thanks >> Animesh > > So we have Sonar (analysis.apache.org) sorta in place - doesn't mean > we can't do something else, but this exists. > https://analysis.apache.org/dashboard/index/100206 > > --David > Stratosec - Secure Infrastructure as a Service o: 415.315.9385 @johnlkinsella
