Posted to dev@hc.apache.org by Bill Speirs <bi...@gmail.com> on 2011/11/28 16:35:23 UTC

Coverity

At work we have started using Coverity -- a static analysis tool --
for some C++ code and it's good at finding otherwise hard-to-find
defects. I have not tested it against Java code yet, but they support
scanning open source projects for free. All that is needed is for the
project admin to send an e-mail to scan-admin@coverity.com:
http://scan.coverity.com/developers-faq.html

I think having HttpComponents run through the Coverity scan could be
beneficial. Thoughts?

Bill-

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Re: Coverity

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2011-11-28 at 14:22 -0800, Konstantin Boudnik wrote:
> Not to kick a dead horse or something, but is there a reason to use Coverity? 
> I've been it a few projects ago and it is OK. However, I see that a lot of
> projects in ASF are using FindBugs which seems to be doing a very decent job
> and is OSS, and very easy to get and integrate with Jenkins.
> 
> Cos
> 

Konstantin,

It does not really matter what kind of static analysis tool is used
as long as it leads to submission of quality patches ;-)

Oleg  


> On Mon, Nov 28, 2011 at 10:50PM, Oleg Kalnichevski wrote:
> > On Mon, 2011-11-28 at 10:35 -0500, Bill Speirs wrote:
> > > At work we have started using Coverity -- a static analysis tool --
> > > for some C++ code and it's good at finding otherwise hard-to-find
> > > defects. I have not tested it against Java code yet, but they support
> > > scanning open source projects for free. All that is needed is for the
> > > project admin to send an e-mail to scan-admin@coverity.com:
> > > http://scan.coverity.com/developers-faq.html
> > > 
> > > I think having HttpComponents run through the Coverity scan could be
> > > beneficial. Thoughts?
> > > 
> > > Bill-
> > > 
> > 
> > Bill
> > 
> > It is a great idea but personally I simply have no bandwidth left for it.
> > I can hardly find time to deal with the backlog of patches. 
> > 
> > There is no such thing as a project admin for ASF projects. There is a
> > group of people responsible for day to day project management (so called
> > project management committee). As far as I understand one does not need
> > to be a PMC member to speak for an ASF project community. You are
> > welcome to take the matter into your own hands and approach Coverity on
> > behalf of HttpComponents.
> > 
> > Oleg


Re: Coverity

Posted by Bill Speirs <bi...@gmail.com>.
Oleg-

Sounds good... I'll work with the Coverity folks to try and get the project
listed. I was planning on doing so for some (or all) of the projects in the
commons library.

Konstantin-

I don't know how good it is. I know a lot of projects use FindBugs and PMD
and have great success with that. However, after the initial effort to
set up HttpComponents in Coverity, as I understand it the company does all
the work on syncing out changes and running the checker on the code.

Thanks, I'll report back if/when I get it up and running.

Bill-

On Mon, Nov 28, 2011 at 5:22 PM, Konstantin Boudnik <co...@apache.org> wrote:

> Not to kick a dead horse or something, but is there a reason to use
> Coverity?
> I've been it a few projects ago and it is OK. However, I see that a lot of
> projects in ASF are using FindBugs which seems to be doing a very decent
> job
> and is OSS, and very easy to get and integrate with Jenkins.
>
> Cos
>
> On Mon, Nov 28, 2011 at 10:50PM, Oleg Kalnichevski wrote:
> > On Mon, 2011-11-28 at 10:35 -0500, Bill Speirs wrote:
> > > At work we have started using Coverity -- a static analysis tool --
> > > for some C++ code and it's good at finding otherwise hard-to-find
> > > defects. I have not tested it against Java code yet, but they support
> > > scanning open source projects for free. All that is needed is for the
> > > project admin to send an e-mail to scan-admin@coverity.com:
> > > http://scan.coverity.com/developers-faq.html
> > >
> > > I think having HttpComponents run through the Coverity scan could be
> > > beneficial. Thoughts?
> > >
> > > Bill-
> > >
> >
> > Bill
> >
> > It is a great idea but personally I simply have no bandwidth left for it.
> > I can hardly find time to deal with the backlog of patches.
> >
> > There is no such thing as a project admin for ASF projects. There is a
> > group of people responsible for day to day project management (so called
> > project management committee). As far as I understand one does not need
> > to be a PMC member to speak for an ASF project community. You are
> > welcome to take the matter into your own hands and approach Coverity on
> > behalf of HttpComponents.
> >
> > Oleg

Re: Coverity

Posted by Konstantin Boudnik <co...@apache.org>.
Not to kick a dead horse or something, but is there a reason to use Coverity? 
I've been it a few projects ago and it is OK. However, I see that a lot of
projects in ASF are using FindBugs which seems to be doing a very decent job
and is OSS, and very easy to get and integrate with Jenkins.

Cos

On Mon, Nov 28, 2011 at 10:50PM, Oleg Kalnichevski wrote:
> On Mon, 2011-11-28 at 10:35 -0500, Bill Speirs wrote:
> > At work we have started using Coverity -- a static analysis tool --
> > for some C++ code and it's good at finding otherwise hard-to-find
> > defects. I have not tested it against Java code yet, but they support
> > scanning open source projects for free. All that is needed is for the
> > project admin to send an e-mail to scan-admin@coverity.com:
> > http://scan.coverity.com/developers-faq.html
> > 
> > I think having HttpComponents run through the Coverity scan could be
> > beneficial. Thoughts?
> > 
> > Bill-
> > 
> 
> Bill
> 
> It is a great idea but personally I simply have no bandwidth left for it.
> I can hardly find time to deal with the backlog of patches. 
> 
> There is no such thing as a project admin for ASF projects. There is a
> group of people responsible for day to day project management (so called
> project management committee). As far as I understand one does not need
> to be a PMC member to speak for an ASF project community. You are
> welcome to take the matter into your own hands and approach Coverity on
> behalf of HttpComponents.
> 
> Oleg


Re: Coverity

Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2011-11-28 at 10:35 -0500, Bill Speirs wrote:
> At work we have started using Coverity -- a static analysis tool --
> for some C++ code and it's good at finding otherwise hard-to-find
> defects. I have not tested it against Java code yet, but they support
> scanning open source projects for free. All that is needed is for the
> project admin to send an e-mail to scan-admin@coverity.com:
> http://scan.coverity.com/developers-faq.html
> 
> I think having HttpComponents run through the Coverity scan could be
> beneficial. Thoughts?
> 
> Bill-
> 

Bill

It is a great idea but personally I simply have no bandwidth left for it.
I can hardly find time to deal with the backlog of patches. 

There is no such thing as a project admin for ASF projects. There is a
group of people responsible for day to day project management (so called
project management committee). As far as I understand one does not need
to be a PMC member to speak for an ASF project community. You are
welcome to take the matter into your own hands and approach Coverity on
behalf of HttpComponents.

Oleg





Re: Coverity

Posted by Bill Speirs <bi...@gmail.com>.
That is a good question. I know Coverity can scan Java, so I don't
know why they couldn't... worth an e-mail I'd think.

Bill-

On Mon, Nov 28, 2011 at 10:42 AM, sebb <se...@gmail.com> wrote:
> On 28 November 2011 15:35, Bill Speirs <bi...@gmail.com> wrote:
>> At work we have started using Coverity -- a static analysis tool --
>> for some C++ code and it's good at finding otherwise hard-to-find
>> defects. I have not tested it against Java code yet, but they support
>> scanning open source projects for free. All that is needed is for the
>> project admin to send an e-mail to scan-admin@coverity.com:
>> http://scan.coverity.com/developers-faq.html
>>
>> I think having HttpComponents run through the Coverity scan could be
>> beneficial. Thoughts?
>
> Does the service support Java code?
>
> I only see C/C++ mentioned.
>
>> Bill-


Re: Coverity

Posted by sebb <se...@gmail.com>.
On 28 November 2011 15:35, Bill Speirs <bi...@gmail.com> wrote:
> At work we have started using Coverity -- a static analysis tool --
> for some C++ code and it's good at finding otherwise hard-to-find
> defects. I have not tested it against Java code yet, but they support
> scanning open source projects for free. All that is needed is for the
> project admin to send an e-mail to scan-admin@coverity.com:
> http://scan.coverity.com/developers-faq.html
>
> I think having HttpComponents run through the Coverity scan could be
> beneficial. Thoughts?

Does the service support Java code?

I only see C/C++ mentioned.

> Bill-