> -----Original Message----- > From: dev [mailto:dev-boun...@dpdk.org] On Behalf Of Luca Boccassi > Sent: Wednesday, March 6, 2019 3:28 PM > To: dpdk-dev <dev@dpdk.org> > Cc: Mcnamara, John <john.mcnam...@intel.com>; Thomas Monjalon > <tho...@monjalon.net>; Yigit, Ferruh <ferruh.yi...@intel.com> > Subject: Re: [dpdk-dev] DPDK Release Status Meeting 21/2/2019 > > On Thu, 2019-02-21 at 17:43 +0000, Luca Boccassi wrote: > > On Thu, 2019-02-21 at 16:09 +0000, Ferruh Yigit wrote: > > > Minutes 21 February 2019 > > > ------------------------ > > > > cut > > > > > * Coverity is partially back, but new analyses aren't running > > > * Looking for suggestions from the community for a better or more > > > stable > > > solutions > > > > The clang-based alternative I mentioned that can be used from > > Travis/Github is sonarcloud.io: > > > > https://sonarcloud.io/ > > > > Here's an example implementation: > > > > https://github.com/zeromq/libzmq/commit/4d3516f634a4a5e3f522f5cb277da3 > > 8b188d32eb > > I've tested Sonarcloud, they are saying DPDK stinks (22000 code smells > flagged) :-) > > https://sonarcloud.io/dashboard?id=bluca_dpdk > > It seems the main "security" issues it highlights are the usage of > sprintf, strcpy and strcat. They can probably be easily filtered out. >
Have we not got all those changed yet? Just about every static analysis tool under the sun is going to flag those functions, so we are better off just replacing them ASAP. /Bruce
