Re: Static code analysis on github

From: Kai Torben Ohlhus
Subject: Re: Static code analysis on github
Date: Fri, 2 Oct 2020 17:50:04 +0900
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0

On 10/2/20 5:04 PM, Markus Mützel wrote:
> Hi Kai,
> Github seems to provide static code analysis for public repositories hosted 
> on their platform:
> https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository
> I'm not particularly familiar with Github. So I can't judge if that is 
> something that we could use to analyze the Octave repository hosted there:
> https://github.com/gnu-octave/octave
> Also PVS Studio, which we had a trial run with some time ago, seems to offer 
> free licenses for OSS projects hosted on Github:
> https://www.viva64.com/en/b/0600/
> Do you think that could be useful for us?
> Markus

Hi Markus,

Yes, I read about this feature, too.  A try with default settings seems
to be insufficient for the magic.


Octave is very complex to build, maybe beyond the scope of what the
CodeQL project is aiming for.  If you are interested you can tune the
file as you please.  All owners of the "gnu-octave" group (you are
markuman?) can try out things in that repo (without my permission ;-)).
If it is broken, I reset it.

If you don't want to try more with it, I have to remove the commit.
Otherwise the auto-update of the repository is broken, as it is no
official commit.


P.S.: Some observation: recently the maintainers mailing list seems to
be preferred over Discourse again.  Did problems with Discourse come up
