
Coverity Scan

Open CFAndy opened this issue 7 years ago • 3 comments

Hi Vincent @aranega, do you have a plan to register pyecore at https://scan.coverity.com ? The static scan tool is free for open source projects and should help reduce the security risk due to small code errors. I have done some offline scans of pyecore with an open source tool from Red Hat, but a scan report from Coverity will always greatly uplift the security reputation of an open source project. This is just a soft suggestion. Again, thanks a lot for the contribution on this project! -Andy

CFAndy avatar Dec 29 '18 02:12 CFAndy

Hi @CFAndy ,

Thanks for the suggestion and the kind words! I will try the project you proposed. Currently, I use Codacy, which gives nice feedback, but I'm always eager to find new tools to improve PyEcore security and code quality! (I also tried some mutation analysis in order to improve the quality of the tests, but I'm still not convinced by the technique for generalist languages.)

aranega avatar Dec 29 '18 11:12 aranega

Hi Vincent @aranega, Codacy is also great. Could it give a static report which could be linked from the webpage of this project?
-Andy

CFAndy avatar Jan 02 '19 01:01 CFAndy

@CFAndy No problem! Here is the link: https://www.codacy.com/app/aranega/pyecore. Not everything is green, but those are wanted side effects. I will work on a better design for some of them sooner or later. I also added a badge to the README.rst file with quick access to the page (only on develop for now).

I've started to configure the project for Coverity Scan, but I had some struggles with the tool that you need to use offline. As soon as I have more time, I will try anyway; it's always interesting to have feedback!

aranega avatar Jan 02 '19 09:01 aranega