godofredoc
godofredoc
We currently run it as a command inside our Android and iOS builders, but we are planning to separate them to their own builders. One thing I noticed is that...
\cc @zanderso
Thank you @gabibguti for the details. No, we reused the configurations from some of our public repositories. I'll update the config and report back the results.
I think I know what the issue is: ```RequestError [HttpError]: Advanced Security must be enabled for this repository to use code scanning.``` Seems like scorecards need "Advanced Security" enabled for...
This is the api returning 403: ``` url: 'https://api.github.com/repos/flutter//code-scanning/analysis/status', status: 403, ```
\cc @jmagman any pointers that you can give us here?
Another example is [clang-tidy](https://clang.llvm.org/extra/clang-tidy/) flutter/engine makes extensive use of it in all the supported platforms. e.g. https://logs.chromium.org/logs/flutter/buildbucket/cr-buildbucket/8785261744812716625/+/u/test:_lint_host_debug/stdout
@laurentsimon even though clang tidy advertises itself as a linter tool it includes multiple memory validations, cast validations, pointer analysis, etc usually included in SAST tools (many of these are...