On Thu, Jan 15, 2026 at 10:43 AM Konrad Kleine <[email protected]> wrote:
>
> Hi,
>
> I've filed a PR to the known-false-positives repository here:
>
> https://github.com/openscanhub/known-false-positives/pull/47
>
> I wanted to see if the file is correctly picked up but I don't understand how
> to use the csfilter-kfp mentioned here:
>
> https://github.com/openscanhub/known-false-positives/blob/8eff7013db7cd9a5031abd197a0c05f7ae4b43a7/README.md?plain=1#L31-L34
>
> Can you please explain here or in the README how to do that with a given
> report like the following one?

Download the scan-results.js[1] for llvm and run the `csfilter-kfp` like I
mentioned in the GitHub comment:

```
csfilter-kfp llvm-21.1.8-1.fc44/scan-results.js --kfp-dir known-false-positives
```

I have documented it in the wiki[2] too. Thanks!

>
> https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-08-Jan-2026/
>
> The false positives I've identified in LLVM will probably stay there forever.
> My llvm/ignore.err file contains "llvm-project-21.1.8.src" in the referenced
> file paths. Will future versions pick this up correctly and ignore the error
> or do I have to modify the version for each release?
>
> Regards
> Konrad
>
> On Fri, Jan 9, 2026 at 1:27 PM Siteshwar Vashisht <[email protected]>
> wrote:
>>
>> Hello,
>>
>> I am writing this message to get feedback from the community on new
>> findings by static analyzers in Critical Path Packages that have
>> changed in Fedora 44.
>>
>> TLDR: This report[1] contains a total of 89972 findings and 3375 new
>> findings identified since Fedora 43. Please review the report and
>> provide feedback. False positives can now be recorded in the
>> known-false-positives[5] repository.
>>
>> A mass scan was performed on the packages that have changed in Fedora
>> 44. This report[1] contains all the findings that have been identified
>> in the Critical Path Packages. Newly added findings since Fedora 43
>> are listed under ‘+’ column and these should be prioritized while
>> reviewing the findings (and fixing them upstream). Not all findings
>> reported by OpenScanHub may be actual bugs, so please verify reported
>> findings before investing time into fixing or reporting them. We have
>> used the current development version of GCC to perform the scans,
>> which may increase the likelihood of having false positives in the GCC
>> reports.
>>
>> False positives can now be recorded in the known-false-positives[5]
>> repository. These findings are automatically suppressed by OpenScanHub
>> in scans that are triggered later.
>> Also, you can filter findings with
>> the csgrep utility to make it easier to review reports that may
>> contain a large amount of false positives. Examples of csgrep
>> invocation are available on the Fedora wiki[4].
>>
>> We hope this is helpful for the packages you maintain and for the
>> upstream projects. Questions can be asked on the OpenScanHub mailing
>> list[2]. If you want to see the raw scan results, they are available
>> on the tasks[3] page. User documentation for performing a scan is
>> available on the Fedora wiki[4].
>>
>> Please keep the feedback on this thread constructive. Thank you!
>>
>> [1]
>> https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-08-Jan-2026/
>>
>> [2]
>> https://lists.fedoraproject.org/archives/list/[email protected]/
>>
>> [3] https://openscanhub.fedoraproject.org/task/
>>
>> [4] https://fedoraproject.org/wiki/OpenScanHub
>>
>> [5] https://github.com/openscanhub/known-false-positives
>>
>> --
>> _______________________________________________
>> devel mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/[email protected]
>> Do not reply to spam, report it:
>> https://pagure.io/fedora-infrastructure/new_issue

[1]
https://openscanhub.fedoraproject.org/task/91528/log/llvm-21.1.8-1.fc44/scan-results.js?format=raw

[2] https://fedoraproject.org/wiki/OpenScanHub#Known_False_Positives
