it depends on how haproxy is built (number of flags) we use most of available options when testing on coverity
https://github.com/haproxy/haproxy/blob/master/.travis.yml#L8 can you share build command ? we may also set up sonar in travis-ci schedules. (personally, I find sonar too much noisy, but I agree, it finds bugs sometimes) ср, 11 сент. 2019 г. в 13:08, GARDAIS Ionel < ionel.gard...@tech-advantage.com>: > > > On Tue, Sep 10, 2019 at 08:29:38PM +0500, ???? ??????? wrote: > > > those findings are mostly mess (maybe, except few real bugs). > > > I do not mind sharing those findings with community, Willy ? > > > we need more manpower here. > > > > Oh no problem! I'm not the one asking to hide bugs, the more eyeballs > > on bug reports, the faster these ones will be sorted out! Also if one > > fears that this could help a black hat guy find a vulnerability and > > exploit it, mind you that these people already spend time scanning the > > same code (with and without tools) and spot bugs in advance without > > relying on our public reports anyway. > > > Please note that Sonarqube is scanning haproxy code too. > Results are available at https://sonarcloud.io/dashboard?id=haproxy > > Some results are false positive but some are worth looking at. > -- > 232 avenue Napoleon BONAPARTE 92500 RUEIL MALMAISON > Capital EUR 219 300,00 - RCS Nanterre B 408 832 301 - TVA FR 09 408 832 301 > >
