Hello,
I am writing this message to get feedback from the community on new
findings by static analyzers in Critical Path Packages that have
changed in Fedora 42.
TLDR: This report[1] contains 37330 findings. Please review the report
and provide feedback.
A mass scan was performed this week on the packages that have changed
in Fedora 42. This report[1] contains all the new findings that have
been identified in the packages listed in Critical Path Packages.
Newly added findings since Fedora 41 are listed under ‘+’ column.
Please review the report and fix or report any findings upstream that
may be real bugs. Not all findings reported by OpenScanHub may be
actual bugs, so please verify reported findings before investing time
into fixing or reporting them. We hope this is helpful for the
packages you maintain and for the upstream projects. Questions can be
asked on the OpenScanHub mailing list[2]. If you want to see the full
logs of the scans, they are available on the tasks[3] page. User
documentation for performing a scan is available on the Fedora
wiki[4].
Constructive feedback is appreciated. Thank you!
[1] https://svashisht.fedorapeople.org/openscanhub/mass-scans/f42-13-Nov-2024/
[2] https://lists.fedoraproject.org/archives/list/openscanhub@lists.fedoraproje…
[3] https://openscanhub.fedoraproject.org/task/
[4] https://fedoraproject.org/wiki/OpenScanHub
Hello,
could you please add repositories from https://copr.fedorainfracloud.org/coprs/dmalcolm/gcc-latest/ to the corresponding mock configs used by https://openscanhub.fedoraproject.org/?
It should be safe to add them to the default configuration because the gcc-latest package will not be installed unless a user explicitly requests it (or the scanned SRPM depends on it, which is unlikely).
There is a draft pull request to make csmock-plugin-gcc optionally consume the SARIF output of GCC and it depends on this COPR: https://github.com/csutils/csmock/pull/187
Kamil
Hello,
I am writing this message to get feedback from the community on possibly
new defects identified by static analyzers in Critical Path Packages that
have changed in Fedora 41. For context, please see my previous email[1].
TLDR: This report[2] contains 73976 identified defects. Please review the
report and provide feedback.
A mass scan was performed this week on the packages that have changed in
Fedora 41. This report[2] contains all the new defects that have been
identified in the packages listed in Critical Path Packages. Please review
the report and fix or report any defects to upstream that may be real bugs.
Not all defects reported by OpenScanHub may be actual bugs, so please
verify reported defects before investing time into fixing or reporting
them. We hope this is helpful for the packages you maintain and for the
upstream projects. Questions can be asked on the OpenScanHub mailing
list[3]. If you want to see the full logs of the scans, they are available
on the tasks[4] page. User documentation for performing a scan is available
on the Fedora wiki[5].
Please remember this is currently an early production stage for OpenScanHub
scanning. Constructive feedback is appreciated. Thank you!
[1]
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org…
[2] https://svashisht.fedorapeople.org/f41-03-Jul-2024/
[3]
https://lists.fedoraproject.org/archives/list/openscanhub@lists.fedoraproje…
[4] https://openscanhub.fedoraproject.org/task/
[5] https://fedoraproject.org/wiki/OpenScanHub
--
Siteshwar Vashisht
Hello,
This is a follow up on my previous email[1] about OpenScanHub Prototype for
Fedora.
Thank you to those who have provided early feedback. Your help is truly
appreciated!
I am writing this message to get feedback from the community on possibly
new defects identified by static analyzers in Core Critical Path packages
that have changed in Fedora 41.
TLDR: This report[2] contains 14188 identified defects. Please review the
report and provide feedback.
A mass scan was performed this week on the packages that have changed in
Fedora 41. This report[2] contains all the new defects that have been
identified in the core packages listed in Critical Path Packages. Please
review the report and fix or report any defects to upstream that may be
real bugs. Not all defects reported by OpenScanHub may be actual bugs, so
please verify reported defects before investing time into fixing or
reporting them. We hope this is helpful for the packages you maintain and
for the upstream projects. Questions can be asked on the OpenScanHub
mailing list[3]. If you want to see the full logs of the scans, they are
available on the tasks[4] page. User documentation for performing a scan is
available on the Fedora wiki[5].
If the feedback on this report is positive, there may be a possibility of
increasing the scope of scans to cover a wider range of packages.
Please remember this is currently an early production stage for OpenScanHub
scanning. Constructive feedback is appreciated. Thank you!
[1]
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org…
[2] https://svashisht.fedorapeople.org/f41-22-Apr-2024/
[3]
https://lists.fedoraproject.org/archives/list/openscanhub@lists.fedoraproje…
[4] https://openscanhub.fedoraproject.org/task/
[5] https://fedoraproject.org/wiki/OpenScanHub