Hello, I work for CodeSecure, which builds and sells the CodeSonar static analysis tool that detects both coding style violations (think MISRA) and deep security vulnerabilities (think buffer overruns due to tainted data). Over the past while, we have been running CodeSonar on a couple of open source projects nightly, and yesterday I added NuttX to that list.
These runs are driven from GitLab, and I have a fork of the official repo here: https://gitlab.com/codesonar/examples/nuttx

The repo is updated nightly, CodeSonar is then run on the changes, and these changes are stored on a SaaS CodeSonar hub. Two things I can do:

* I can send a daily email to the dev list with the new warnings of that day (if there were any changes). This is what I do with a couple of OSS projects.
* I can also give people from the community access to the CodeSonar hub to review the warnings there. This would provide you with the code browsing capabilities of CodeSonar as well, and it would allow you to annotate warnings (high prio, low prio, false positives and so forth).
* Unfortunately, at this point in time the hub is not publicly accessible. Reach out to me at mhermel...@codesecure.com if you would like access.

I am open to other ideas as well.

Right now, it only builds for raspberrypi-pico-w:nsh; I can certainly add other configurations.

(Note: I had to make one change to arch/arm/src/common/Toolchain.defs and comment out line 308:

    #ARCHOPTIMIZATION += --param=min-pagesize=0

as this was throwing an error with arm-none-eabi-gcc during compilation.)

Regards,
Mark