Along with using Sonar in place of Coverity, I also added Codacy, which
I kind of like more than any other as there is no integration. No
modifications for Travis or any CI. It integrates directly with git.
https://support.codacy.com/hc/en-us/articles/207278449-Getting-started-with-Codacy
It mostl
Here is one both Coverity and Sonar miss, also clang's scan-build. Likely
something valgrind would catch/show.
This is never freed, not anywhere I can tell. Though I could be wrong.
_login = strdup(login);
https://github.com/Obsidian-StudiosInc/entrance/blob/master/src/daemon/entrance_session.c#
On Wed, 25 Apr 2018 13:36:42 -0400
"William L. Thomson Jr." wrote:
> For Entrance I had Coverity passing long ago, not sure that is good.
> It will be a bit before I get Entrance passing under Sonar. It was
> easier to pass Coverity than to pass Sonar. Which I have yet to do.
> https://scan.cover
On Tue, 24 Apr 2018 14:18:50 -0400
"William L. Thomson Jr." wrote:
> On Tue, 24 Apr 2018 12:09:50 +0200
> Stefan Schmidt wrote:
>
> > https://sonarcloud.io/project/issues?branch=devs%2Fstefan%2Fsonar-test&id=efl&resolved=false
> >
> > 34441 issues found looks rather noisy to me, but with some
On Tue, 24 Apr 2018 12:09:50 +0200
Stefan Schmidt wrote:
> https://sonarcloud.io/project/issues?branch=devs%2Fstefan%2Fsonar-test&id=efl&resolved=false
>
> 34441 issues found looks rather noisy to me, but with some filtering
> we might be able to get the interesting parts out of it.
Anothe
On Tue, 24 Apr 2018 11:54:34 -0400
"William L. Thomson Jr." wrote:
>
> Coverity's stance is you may use their product to find exploits and do
> bad stuff. It is a stupid futile argument. Given the fact there are
> alternatives which will do the same. Not like their tool is really a
> security too
On Tue, 24 Apr 2018 11:44:58 -0400
"William L. Thomson Jr." wrote:
> On Tue, 24 Apr 2018 12:31:33 +0200
> Marcel Hollerbach wrote:
> >
> > scanning through the results also shows that there is a massive
> > amount of false positives.
>
> Which can be marked as such. Which their devs will read
On Tue, 24 Apr 2018 09:00:26 -0300
Felipe Magno de Almeida wrote:
> On Tue, Apr 24, 2018 at 7:31 AM, Marcel Hollerbach
>
> > Examples:
> > -
> > https://sonarcloud.io/project/issues?branch=devs%2Fstefan%2Fsonar-test&id=efl&open=AWL3Ai8c-pl6AHs2kvjz&resolved=false&severities=MAJOR
> > -
> > h
On Tue, 24 Apr 2018 17:31:51 +0200
Boris Faure wrote:
> On 18-04-24 11:26, William L. Thomson Jr. wrote:
>
> > Maybe read this...
> > https://scan.coverity.com/faq#who-can-have-access
> Please calm down.
I am calm, I do not appreciate such statements. That make it appear
issues are specific to
On Tue, 24 Apr 2018 12:31:33 +0200
Marcel Hollerbach wrote:
> (Additional Note)
>
> scanning through the results also shows that there is a massive
> amount of false positives.
Which can be marked as such. Which their devs will read comments and or
look at false positives and make changes to th
On 18-04-24 11:26, William L. Thomson Jr. wrote:
> On Tue, 24 Apr 2018 12:09:50 +0200
> Stefan Schmidt wrote:
>
> > Hello.
> >
> > I have no interest to discuss any of your personal problems with
> > Coverity, so I skip that part completely. :-)
>
> Of course you would ASSUME they are personal
On Tue, 24 Apr 2018 12:09:50 +0200
Stefan Schmidt wrote:
> Hello.
>
> I have no interest to discuss any of your personal problems with
> Coverity, so I skip that part completely. :-)
Of course you would ASSUME they are personal problems. Extremely RUDE!!!
Your employer must be proud!
Maybe rea
On Tue, Apr 24, 2018 at 7:31 AM, Marcel Hollerbach wrote:
> (Additional Note)
>
> scanning through the results also shows that there is a massive amount of
> false positives.
>
> Examples:
> -
> https://sonarcloud.io/project/issues?branch=devs%2Fstefan%2Fsonar-test&id=efl&open=AWL3Ai8c-pl6AHs2kv
(Additional Note)
scanning through the results also shows that there is a massive amount
of false positives.
Examples:
-
https://sonarcloud.io/project/issues?branch=devs%2Fstefan%2Fsonar-test&id=efl&open=AWL3Ai8c-pl6AHs2kvjz&resolved=false&severities=MAJOR
-
https://sonarcloud.io/project
Hello.
I have no interest to discuss any of your personal problems with Coverity, so I
skip that part completely. :-)
I have an interest in seeing what tools can offer us to improve the code,
though.
After quickly setting up a sonar scanner run on Travis to get the efl build
analyzed I got th
Did I mention that the core of Sonar is FOSS and Coverity is
proprietary?
That means you can create your own scanner, your own quality
profiles, your own scan rules, etc.
https://docs.sonarqube.org/display/SONAR/Quality+Profiles
https://docs.sonarqube.org/display/SONAR/Rules
You can also see what
On Sat, 21 Apr 2018 12:26:03 -0400 "William L. Thomson Jr."
said:
> First off thanks to the E/EFL community for making me aware of
> Coverity. I had not heard of it before I came to E, and noticed it was
> in use. I quickly put it to use for any apps I was working on. Though I
> found some things
First off thanks to the E/EFL community for making me aware of
Coverity. I had not heard of it before I came to E, and noticed it was
in use. I quickly put it to use for any apps I was working on. Though I
found some things to be less than desirable.
Like the whole getenv tainted var situation. Wh