Hello,

I am writing this message to get feedback from the community on new
findings by static analyzers in Critical Path Packages that have
changed in Fedora 44.

TLDR: This report[1] contains a total of 47352 findings and 843 new
findings identified since Fedora 43. Please review the report and
provide feedback. False positives can now be recorded in the
known-false-positives[5] repository.

A mass scan was performed on the packages that have changed in Fedora
44. This report[1] contains all the findings that have been identified
in the Critical Path Packages. Newly added findings since Fedora 43
are listed under the ‘+’ column and these should be prioritized while
reviewing the findings (and fixing them upstream). Not all findings
reported by OpenScanHub may be actual bugs, so please verify reported
findings before investing time into fixing or reporting them. We have
used the current development version of GCC to perform the scans,
which may increase the likelihood of having false positives in the GCC
reports.

False positives can now be recorded in the known-false-positives[5]
repository. These findings are automatically suppressed by OpenScanHub
in scans that are triggered later. Also, you can filter findings with
the csgrep utility to make it easier to review reports that may
contain a large number of false positives. Examples of csgrep
invocation are available on the Fedora wiki[4].

We hope this is helpful for the packages you maintain and for the
upstream projects. Questions can be asked on the OpenScanHub mailing
list[2]. If you want to see the full logs of the scans, they are
available on the tasks[3] page. User documentation for performing a
scan is available on the Fedora wiki[4].

Please keep the feedback on this thread constructive. Thank you!

[1] https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-28-Oct-2025/

[2] https://lists.fedoraproject.org/archives/list/[email protected]/

[3] https://openscanhub.fedoraproject.org/task/

[4] https://fedoraproject.org/wiki/OpenScanHub

[5] https://github.com/openscanhub/known-false-positives
