Siteshwar Vashisht
Another possibility is to do differential scans with the latest koji builds. Although the results may look confusing as they may contain findings from changes outside a pull request. So, it...
> > Although the results may look confusing as they may contain findings from changes outside a pull request. > > I agree this could be quite misleading and inaccurate,...
> I would go slightly further and I don't think that it's appropriate to report shellcheck warnings, specifically, to anyone ever. :) I would suggest you to look at this...
> Thanks for the report. We appreciate scanning w/ various static analyzer tools and we think it's valuable. > > On the other hand, I'm not sure the report is...
> ```
> if [ -n "${var}" ]; then
>     rm -rf "${var}"/*
> fi
> ```

Until a relatively junior engineer refactors this code and accidentally drops the `if`...
> [@siteshwar](https://github.com/siteshwar): Hello! Sorry for the delayed reply. > > I marked in bold the things that I _might_ do something about. > > def1: There is no file `colorxzgrep.sh`...
> Not including a copy of the report inline isn't ideal if someone wants to review this a few years later, but otherwise I'm perfectly fine with only the link...
Would upstream accept a patch directly suppressing shellcheck warnings in the code? I have opened a pull request to suppress these warnings in OpenScanHub, but I guess it would be...
> > [@siteshwar](https://github.com/siteshwar): > > Thanks for the plain text copy! > > > Would upstream accept a patch directly suppressing shellcheck warnings in the code? > > I'm not...
> Coverity was run on the codebase a year ago. There was some discussion to add a GitHub workflow file for it too, but it wasn't finished. I have forgotten...