> -----Original Message-----
> From: Stephen Hemminger <step...@networkplumber.org>
> Sent: Thursday, June 9, 2022 3:36 AM
> To: Mcnamara, John <john.mcnam...@intel.com>
> Cc: Thomas Monjalon <tho...@monjalon.net>; dev@dpdk.org;
> david.march...@redhat.com
> Subject: Re: Lgtm scan of DPDK
>
> On Wed, 8 Jun 2022 08:35:45 +0000
> "Mcnamara, John" <john.mcnam...@intel.com> wrote:
>
> > > -----Original Message-----
> > > From: Thomas Monjalon <tho...@monjalon.net>
> > > Sent: Wednesday, June 8, 2022 9:23 AM
> > > To: Stephen Hemminger <step...@networkplumber.org>
> > > Cc: dev@dpdk.org; Mcnamara, John <john.mcnam...@intel.com>;
> > > david.march...@redhat.com
> > > Subject: Re: Lgtm scan of DPDK
> > >
> > > 28/05/2022 01:12, Stephen Hemminger:
> > > > I just discovered that there is another tool similar to Coverity
> > > > for
> > > scanning.
> > > > It gives different results, and might be useful.
> > > > The scans of github open source projects is already done.
> > > >
> > > > See: https://lgtm.com/projects/g/DPDK/dpdk
> > > >
> > > > Shows 19 errors, 263 warnings and 111 recommendations.
> > > >
> > > > ...
>
> Some background on why I looked at this.
>
> LGTM became Codeql which is now owned by Microsoft.
> Our internal build system now runs Codeql on all builds, mostly as a
> security scan.
>
> Long term would like to make DPDK upstream clean (so the team doesn't get
> false warnings) and engage Codeql if possible to resolve the issues on
> their side (like the Python noise).
>
> For now, will try to filter out anything that gets marked
>
Hi Stephen,
That is interesting. If you want help broadening out the initiative in the
community let me know. In terms of static code analysis more is better so I'm
in favour of any initiatives like this.
John
