
Consider Adding Code Auditing Tooling

Open popescu-v opened this issue 11 months ago • 1 comments

Description

Several tools could be used to this end, in the GitHub CI and locally:

  • Valgrind (memcheck, --leak-check=yes, ...),
  • ASan (gcc or clang with -fsanitize=address),
  • UBSan (gcc or clang with -fsanitize=undefined),
  • Checkmarx,
  • SonarQube,
  • etc.

The goal of this issue is to come up with:

  • a set of auditing tools to be used,
  • their appropriate configuration (to reduce reporting noise),
  • their automation in the GitHub CI

Context

  • Khiops version: >= 11

popescu-v, Jan 09 '25 16:01

Adding Snyk (free) to the candidates list. For an example of usage of ASan/UBSan you may take a look at the driver repos.

sgouache, Jan 10 '25 17:01