Re: First sonar static analysis results


Luca Muscariello
 

Dave,

is the integration made from the github mirror or directly from gerrit?
We are using coverity for hicn but I agree that sonar cloud looks way better.

I'd love to test for hicn.

Thanks
Luca

On Thu, Mar 26, 2020 at 8:37 PM Dave Barach via Lists.Fd.Io <dbarach=cisco.com@...> wrote:
https://sonarcloud.io/organizations/fdio/issues?projects=fdio-vpp

As with Coverity, Sonar seems primed to bitch about a set of things which aren't real. For example:

   vlib_buffer_advance (b0, -sizeof(ip_header_t));

or

#define DEBUG_FOO 0

if (DEBUG_FOO > 0)

The UI is nice, the workflow isn't awful, and the tool runs reasonably fast.

Thanks to Eric Ball for walking me through the process. I'll write it up in detail for our CI folks.

Dave



Join tsc@lists.fd.io to automatically receive all group messages.