jonathanmetzman
>can make some alerts effectively invisible. Then again I'm not sure how SARIF is generated by CIFuzz. Unfortunately I think this can make some of our alerts invisible. This feature...
> Got it. One last thing as far as I can remember there are MSan false positives in the systemd repository (because systemd doesn't build its dependencies with MSan) and...
Ah so then these issues won't be reported. On Thu, Apr 27, 2023 at 3:11 PM Evgeny Vereshchagin < ***@***.***> wrote: > I think ideally systemd should start building its...
>on a somewhat related note that "OSSF scorecard" thing is going to complain about "security-events: write" and inject its promotional links once it's added Because we are writing sarif files...
I'll document what to do to turn on the code scanning by tomorrow. Thanks a lot for your help!
@evverx sarif is documented now? Could you help me out and try this on systemd? https://google.github.io/oss-fuzz/getting-started/continuous-integration/ I can send a PR if you'd like.
Ah, let me try changing this. Thank you!
This is done.
I'm fine with a single project using their own clang.
Yeah we're fine with you updating your own clang, but you are in warranty void territory (not that there's otherwise a warranty :-)