Coverity Scan for GNUstep?
From: Fred Kiefer
Subject: Coverity Scan for GNUstep?
Date: Sun, 14 Jan 2018 19:54:50 +0100

I remember we talked about this before, maybe at the Dublin meeting. There is
the option to set up GNUstep on scan.coverity.com to have the code
automatically checked for known vulnerabilities. At the time we discussed
this, there wasn’t support for Objective-C, but this seems to have been added:
https://www.synopsys.com/content/dam/synopsys/sig-assets/datasheets/CWE-CC-Objective-C.pdf
What are your opinions on this? In the beginning it will require some extra
effort to fix the found weaknesses and somehow to flag the false positives. And
who should be in charge of getting the reports? The idea here is that only the
person registered for the project will get the report to prevent 0-day issues
becoming public too soon.
Fred