Hello everyone!
I am vasramc, and I will be participating in this year's Google Summer of Code
program with the project:
Continuous static analysis db
This project proposes the design and implementation of a system to continuously run
multiple security-oriented static analyzers on source code and display the alarms related
to a specific version of the analyzed software. The alarms to be presented will be ranked
based on their importance, where critical flaws shall be ranked first and potential false
positives are ranked last. We will develop a tool to perform continuous static analysis
with different static analyzers and propose a warning classification method using their
outputs. We will also propose a visualization approach for the information generated with
our tool.
I chose this project because this is something that can be of great help to Fedora if
completed successfully. The large amount of code that Fedora ships can be tested with the
static analyzers to make sure that it is not faulty. Static analysis can provide very
detailed analysis about our code and alert us to bugs in the system before we ship it.
Apart from the bugs, it can also alert us to warnings (red flags) in the code that the
static analyzers throw.
This, bundled with a web UI to show the present and past results of the static analysis on
a particular software, can be used to improve the quality of code that Fedora ships.
Hoping to have a great summer!
Thank you!