Hello, I am writing this message to get feedback from the community on new findings by static analyzers in Critical Path Packages that have changed in Fedora 43.

TLDR: This report[1] contains a total of 54975 findings and 1732 new findings identified since Fedora 42. Please review the report and provide feedback. False positives can now be recorded in the known-false-positives[5] repository.

A mass scan was performed on the packages that have changed in Fedora 43. This report[1] contains all the findings that have been identified in the Critical Path Packages. Newly added findings since Fedora 42 are listed under the ‘+’ column and these should be prioritized while reviewing the findings (and fixing them upstream).

Not all findings reported by OpenScanHub may be actual bugs, so please verify reported findings before investing time into fixing or reporting them. False positives can now be recorded in the known-false-positives[5] repository. These findings are automatically suppressed by OpenScanHub in scans that are triggered later. Also, you can filter findings with the csgrep utility to make it easier to review reports that may contain a large amount of false positives. Examples of csgrep invocation are available on the Fedora wiki[4].

We hope this is helpful for the packages you maintain and for the upstream projects. Questions can be asked on the OpenScanHub mailing list[2]. If you want to see the full logs of the scans, they are available on the tasks[3] page. User documentation for performing a scan is available on the Fedora wiki[4].

Please keep the feedback on this thread constructive. Thank you!

[1] https://svashisht.fedorapeople.org/openscanhub/mass-scans/f43-25-Apr-2025/
[2] https://lists.fedoraproject.org/archives/list/openscan...@lists.fedoraproject.org/
[3] https://openscanhub.fedoraproject.org/task/
[4] https://fedoraproject.org/wiki/OpenScanHub
[5] https://github.com/openscanhub/known-false-positives