Yes, we can run other analyzer; however, in case of CodeChecker we also need a server to upload the result to.
> -----Original Message----- > From: r...@edk2.groups.io <r...@edk2.groups.io> On Behalf Of Michael D > Kinney via groups.io > Sent: Thursday, June 23, 2022 9:30 PM > To: r...@edk2.groups.io; pedro.falc...@gmail.com; Felix Polyudov > <fel...@ami.com>; Kinney, Michael D <michael.d.kin...@intel.com> > Cc: Rebecca Cran <rebe...@bsdio.com>; edk2-devel-groups-io > <devel@edk2.groups.io> > Subject: [EXTERNAL] Re: [edk2-rfc] RFC v2: Static Analysis in edk2 CI > > > **CAUTION: The e-mail below is from an external source. Please exercise > caution before opening attachments, clicking links, or following guidance.** > > I have Coverity scan builds running in a GitHub Action and then uploaded to > Coverity. > > We should be able to configure a GitHub Action to run other analyzers. > > Mike > > > -----Original Message----- > > From: r...@edk2.groups.io <r...@edk2.groups.io> On Behalf Of Pedro > > Falcato > > Sent: Tuesday, June 14, 2022 1:00 PM > > To: r...@edk2.groups.io; POLUDOV, FELIX <fel...@ami.com> > > Cc: Rebecca Cran <rebe...@bsdio.com>; edk2-devel-groups-io > > <devel@edk2.groups.io> > > Subject: Re: [edk2-rfc] RFC v2: Static Analysis in edk2 CI > > > > (Re-adding devel@ since Felix dropped it) > > > > On Tue, Jun 14, 2022 at 8:59 PM Pedro Falcato > > <pedro.falc...@gmail.com> > > wrote: > > > > > Just want to note that if we want to go ahead with fuzzing (I > > > detailed a possible plan to do so in the mailing list a month or so > > > ago) we will definitely need somewhere to run fuzzing (even if it's > > > Google's > syzbot). > > > Getting somewhere where we can run static analysis, fuzzing just > > > makes sense IMO (hell, who knows, maybe even CI or something like > > > Gerrit for mailing list-less code reviews). > > > > > > On Tue, Jun 14, 2022 at 7:43 PM Felix Polyudov via groups.io > > > <felixp= ami....@groups.io> wrote: > > > > > >> Yes, LLVM/CLANG Static Analyzer is another possibility. I've > > >> mentioned it in the first version of the RFC. > > >> CodeChecker > > >> > (https://codechecker.readthedocs.io/en/latest/) is an open source front-end > for the scan-build and clang-tidy. > > >> It simplifies analyzer configuration and provides web-based report > > >> storage. However, it has to be hosted somewhere. > > >> If somebody has an idea on how edk2 community can host the > > >> CodeChecker, that's definitely an option to consider. > > >> > > >> > > >> > > >> > > >> > > >> > > > > > > -- > > > Pedro Falcato -The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#90791): https://edk2.groups.io/g/devel/message/90791 Mute This Topic: https://groups.io/mt/91737265/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
