Hello and Happy New Year,

Thank you for this findings report. I wonder if it makes sense to turn on
cppcheck's

    --inline-suppr

"Enable inline suppressions. Use them by placing one or more comments,
like: '// cppcheck-suppress warningId' on the lines before the warning to
suppress."

Is there a reason to turn it off or not have it on?



On Fri, Jan 9, 2026 at 1:27 PM Siteshwar Vashisht <[email protected]>
wrote:

> Hello,
>
> I am writing this message to get feedback from the community on new
> findings by static analyzers in Critical Path Packages that have
> changed in Fedora 44.
>
> TLDR: This report[1] contains a total of 89972 findings and 3375 new
> findings identified since Fedora 43. Please review the report and
> provide feedback. False positives can now be recorded in the
> known-false-positives[5] repository.
>
> A mass scan was performed on the packages that have changed in Fedora
> 44. This report[1] contains all the findings that have been identified
> in the Critical Path Packages. Newly added findings since Fedora 43
> are listed under the ‘+’ column and these should be prioritized while
> reviewing the findings (and fixing them upstream). Not all findings
> reported by OpenScanHub may be actual bugs, so please verify reported
> findings before investing time into fixing or reporting them. We have
> used the current development version of GCC to perform the scans,
> which may increase the likelihood of having false positives in the GCC
> reports.
>
> False positives can now be recorded in the known-false-positives[5]
> repository. These findings are automatically suppressed by OpenScanHub
> in scans that are triggered later. Also, you can filter findings with
> the csgrep utility to make it easier to review reports that may
> contain a large amount of false positives. Examples of csgrep
> invocation are available on the Fedora wiki[4].
>
> We hope this is helpful for the packages you maintain and for the
> upstream projects. Questions can be asked on the OpenScanHub mailing
> list[2]. If you want to see the raw scan results, they are available
> on the tasks[3] page. User documentation for performing a scan is
> available on the Fedora wiki[4].
>
> Please keep the feedback on this thread constructive. Thank you!
>
> [1]
> https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-08-Jan-2026/
>
> [2]
> https://lists.fedoraproject.org/archives/list/[email protected]/
>
> [3] https://openscanhub.fedoraproject.org/task/
>
> [4] https://fedoraproject.org/wiki/OpenScanHub
>
> [5] https://github.com/openscanhub/known-false-positives
>
> --
> _______________________________________________
> devel mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>