-
Notifications
You must be signed in to change notification settings - Fork 273
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How do we feel about Coverity Scan? #323
Comments
Though I have not used this particular service, I have used comparable ones in other projects. It is good. More testing is better. |
Should I try and set it up? Maybe there's a way to give access to it to the |
Please do. |
@Oppen I have given you privileged access to the repository. |
I made a simple test, no automation yet. I'm fixing a few issues, I'll resume work during the weekend and try to get to a draft PR for automation (plus a PR for the fixes). |
Some years ago I played a bit with Coverity Scan for some personal (admittedly toy) projects and it looked like a good way to find hard to spot memory bugs (it catches a few more things IIRC, but those were the ones it shined the brightest).
There's a free service for open source projects that we could take advantage of and in my experience it's far more sophisticated than tools like cppcheck, and slightly better at finding bugs than clang-analyzer.
Go and Java are also supported, so it could also be useful for implementations on those languages.
The downsides:
So, what do other devs think? I'm interested in @lemire's opinion specially.
The text was updated successfully, but these errors were encountered: