[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Static code analysis on github
|
From: |
Kai Torben Ohlhus |
|
Subject: |
Re: Static code analysis on github |
|
Date: |
Fri, 2 Oct 2020 17:50:04 +0900 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 |
On 10/2/20 5:04 PM, Markus Mützel wrote:
> Hi Kai,
>
> Github seems to provide static code analysis for public repositories hosted
> on their platform:
> https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository
>
> I'm not particularly familiar with Github. So I can't judge if that is
> something that we could use to analyze the Octave repository hosted there:
> https://github.com/gnu-octave/octave
>
> Also PVS Studio, which we had a trial run with some time ago, seems to offer
> free licenses for OSS projects hosted on Github:
> https://www.viva64.com/en/b/0600/
>
> Do you think that could be useful for us?
>
> Markus
>
Hi Markus,
Yes, I read about this feature, too. A try with default settings seems
to be insufficient for the magic.
https://github.com/gnu-octave/octave/commit/24cc0307ab26f43ca6ea51a4c6510f413ad2204b
https://github.com/gnu-octave/octave/runs/1197846549
Octave is very complex to build, maybe beyond the scope of what the
CodeQL project is aiming for. If you are interested you can tune the
file as you please. All owners of the "gnu-octave" group (you are
markuman?) can try out things in that repo (without my permission ;-)).
If it is broken, I reset it.
If you don't want to try more with it, I have to remove the commit.
Otherwise the auto-update of the repository is broken, as it is no
official commit.
Kai
P.S.: Some observation: recently the maintainers mailing list seems to
be preferred over Discourse again. Did problems with Discourse come up
recently?