On Thu, 2019-02-21 at 17:43 +0000, Luca Boccassi wrote:
> On Thu, 2019-02-21 at 16:09 +0000, Ferruh Yigit wrote:
> > Minutes 21 February 2019
> > ------------------------
> 
> cut
> 
> > * Coverity is partially back, but new analyses aren't running
> >   * Looking for suggestions from the community for a better or more
> >     stable solution
> 
> The clang-based alternative I mentioned that can be used from
> Travis/Github is sonarcloud.io:
> 
> https://sonarcloud.io/
> 
> Here's an example implementation:
> 
> https://github.com/zeromq/libzmq/commit/4d3516f634a4a5e3f522f5cb277da38b188d32eb

I've tested Sonarcloud, they are saying DPDK stinks (22000 code smells
flagged) :-)

https://sonarcloud.io/dashboard?id=bluca_dpdk

It seems the main "security" issues it highlights are the usage of
sprintf, strcpy and strcat. They can probably be easily filtered out.

The job on Travis takes about half an hour, so perhaps it's better as a
weekly run.

Integration is quite simple, based on the yet unmerged Travis patch:

https://github.com/bluca/dpdk/commit/ef4f3c8bdc1b044e19d466efb9ba6fc0a3af4220

-- 
Kind regards,
Luca Boccassi
