it depends on how haproxy is built (number of flags)
BQ_BEGIN we use most of available options when testing on coverity [ https://github.com/haproxy/haproxy/blob/master/.travis.yml#L8 | https://github.com/haproxy/haproxy/blob/master/.travis.yml#L8 ] can you share build command ? we may also set up sonar in travis-ci schedules. (personally, I find sonar too much noisy, but I agree, it finds bugs sometimes) BQ_END I'm using $ make -j4 TARGET=linux-glibc USE_LIBCRYPT=1 USE_OPENSSL=1 USE_ZLIB=1 USE_NS= The shortest command from the travis file is $ make -j4 TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_OPENSSL=1 USE_WURFL=1 WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas USE_NS= I'm using CentOS 6 to build. As Willy says, it generates lots of false-positive because static analysis of pointer-work is hard, especially in C. Most of C smart moves are interpreted as wrong behavior. -- 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301