On Sunday, 11 January 2026 09:51:03 CET Konrad Kleine wrote:
> Hello and Happy New Year,
> 
> thank you for this findings report. I wonder if it makes sense to turn on
> cppcheck's
> 
>     --inline-suppr
> 
> "Enable inline suppressions. Use them by placing one or more comments,
> like: '// cppcheck-suppress warningId' on the lines before the warning to
> suppress."
> 
> Is there a reason to turn it off or not have it on?

Hi Konrad,

OpenScanHub already passes --inline-suppr to Cppcheck:
https://github.com/csutils/cscppc/blob/f4f58d209a518ebbf26bd22c30e0a11d9340ee1b/src/cscppc.c#L60

Have you seen any cases where a Cppcheck suppression was ignored?

If yes, please share the details.

Kamil


> On Fri, Jan 9, 2026 at 1:27 PM Siteshwar Vashisht <[email protected]>
> wrote:
> 
> > Hello,
> >
> > I am writing this message to get feedback from the community on new
> > findings by static analyzers in Critical Path Packages that have
> > changed in Fedora 44.
> >
> > TLDR: This report[1] contains a total of 89972 findings and 3375 new
> > findings identified since Fedora 43. Please review the report and
> > provide feedback. False positives can now be recorded in the
> > known-false-positives[5] repository.
> >
> > A mass scan was performed on the packages that have changed in Fedora
> > 44. This report[1] contains all the findings that have been identified
> > in the Critical Path Packages. Newly added findings since Fedora 43
> > are listed under the ‘+’ column and these should be prioritized while
> > reviewing the findings (and fixing them upstream). Not all findings
> > reported by OpenScanHub may be actual bugs, so please verify reported
> > findings before investing time into fixing or reporting them. We have
> > used the current development version of GCC to perform the scans,
> > which may increase the likelihood of having false positives in the GCC
> > reports.
> >
> > False positives can now be recorded in the known-false-positives[5]
> > repository. These findings are automatically suppressed by OpenScanHub
> > in scans that are triggered later. Also, you can filter findings with
> > the csgrep utility to make it easier to review reports that may
> > contain a large amount of false positives. Examples of csgrep
> > invocation are available on the Fedora wiki[4].
> >
> > We hope this is helpful for the packages you maintain and for the
> > upstream projects. Questions can be asked on the OpenScanHub mailing
> > list[2]. If you want to see the raw scan results, they are available
> > on the tasks[3] page. User documentation for performing a scan is
> > available on the Fedora wiki[4].
> >
> > Please keep the feedback on this thread constructive. Thank you!
> >
> > [1]
> > https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-08-Jan-2026/
> >
> > [2]
> > https://lists.fedoraproject.org/archives/list/[email protected]/
> >
> > [3] https://openscanhub.fedoraproject.org/task/
> >
> > [4] https://fedoraproject.org/wiki/OpenScanHub
> >
> > [5] https://github.com/openscanhub/known-false-positives
> >
> > --
> > _______________________________________________
> > devel mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
> > Fedora Code of Conduct:
> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> > https://lists.fedoraproject.org/archives/list/[email protected]
> > Do not reply to spam, report it:
> > https://pagure.io/fedora-infrastructure/new_issue

