You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2014/09/01 09:19:26 UTC

Re: Coverity static analysis scanning

On 28/08/2014 15:44, Freddy Mallet wrote:
> Hi Guys,
> 
> I'm the leading the development of the SonarQube platform. If you want any
> personal login/password to http://nemo.sonarqube.org/ and/or if you want us
> to tune the set of coding rules used to analyze the Tomcat project, feel
> free to ping me or

I'd like an account to have a poke around the results - markt@apache.org
please

> Obviously, if you're getting some false-positives, I'm also eager to get
> your feedback to help us tuning our java analyser.

False positives are expected. In the past the biggest problem I have
found with code analysis systems is the hoops you have to jump through
to mark something as a false positive.

Cheers,

Mark
> 
> Thanks
> -----
> twitter.com/FreddyMallet
> SonarQube for Continuous Inspection
> 
> 
> ---------- Forwarded message ----------
>> From: Henri Gomez <he...@gmail.com>
>> Date: 2014-08-26 23:52 GMT+02:00
>> Subject: Re: Coverity static analysis scanning
>> To: Tomcat Developers List <de...@tomcat.apache.org>
>>
>>
>> Hi all
>>
>> Are you aware SonarQube is analysing Tomcat in Nemo for years ?
>>
>>
>> http://nemo.sonarqube.org/dashboard/index/50544
>>
>> 310 Blocker issues, 121 Critical issues.
>>
>> Wondering if Coverity will provides more informations than SonarQube ?
>>
>> BTW, SonarQube is analysing major ASF projects for a long time now :)
>>
>>
>> 2014-08-26 11:20 GMT+02:00 Mark Thomas <ma...@apache.org>:
>>> All,
>>>
>>> I have been pinged off-list by Coverity to say that they have set up
>>> Tomcat with a free account with their static code analysis service.
>>>
>>> I think I have the ability to send invitations so if anyone wants to
>>> take a look at the results, just reply here.
>>>
>>> I have taken a quick look and they do appear to have found some valid
>>> threading issues. There are ~350 issues in total and I don't yet have a
>>> feel for the false positive rate.
>>>
>>> Mark
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>>
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org