Hello, I am writing this message to get feedback from the community on new findings by static analyzers in Critical Path Packages that have changed in Fedora 45.
TLDR: This report[1] contains a total of 53127 findings and 1242 new findings identified since Fedora 44. An AI analysis has identified 14 important and 12 moderate impact findings that may have a security impact. The reports containing these findings are highlighted in red. Please review the report and provide feedback.

A mass scan was performed on the packages that have changed in Fedora 45. This report[1] contains all the findings that have been identified in the Critical Path Packages. Newly added findings since Fedora 44 are listed under ‘+’ column. Not all findings reported by OpenScanHub may be actual bugs, so please verify reported findings before investing time into fixing or reporting them.

We have performed an AI analysis through Claude (Opus 4.6) on GCC reports for findings that may have a security impact. AI analysis has identified a total of 14 important, 12 moderate and 1672 low impact findings. These should be prioritized while reviewing the findings (and fixing them upstream).

False positives can be recorded in the known-false-positives[5] repository. These findings are automatically suppressed by OpenScanHub in scans that are triggered later. Also, you can filter findings with the csgrep utility to make it easier to review reports that may contain a large amount of false positives. Examples of csgrep invocation are available on the Fedora wiki[4].

We hope this is helpful for the packages you maintain and for the upstream projects. Questions can be asked on the OpenScanHub mailing list[2]. If you want to see the raw scan results, they are available on the tasks[3] page. User documentation for performing a scan is available on the Fedora wiki[4].

Please keep the feedback on this thread constructive.

Thank you!

[1] https://svashisht.fedorapeople.org/openscanhub/mass-scans/f45-01-Jun-2026/
[2] https://lists.fedoraproject.org/archives/list/[email protected]/
[3] https://openscanhub.fedoraproject.org/task/
[4] https://fedoraproject.org/wiki/OpenScanHub
[5] https://github.com/openscanhub/known-false-positives
