incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Animesh Chaturvedi <animesh.chaturv...@citrix.com>
Subject RE: Static Analysis Tools
Date Tue, 20 Nov 2012 19:39:33 GMT
I have used Coverity in the past for commercial projects with very good success.  I did a quick
google search and looks like Coverity has a program for open source software quality which
can potentially leveraged for CloudStack. Here is the link http://scan.coverity.com/getting-started.html


-----Original Message-----
From: John Kinsella [mailto:jlk@stratosec.co] 
Sent: Tuesday, November 20, 2012 11:12 AM
To: cloudstack-dev@incubator.apache.org
Subject: Re: Static Analysis Tools

Additionally I (and others) run ACS through Fortify Source Code Analyzer. Personally I think
findbugs is a bit of a toy, but anything helps...

John

On Nov 20, 2012, at 10:44 AM, David Nalley <david@gnsa.us>
 wrote:

> On Tue, Nov 20, 2012 at 1:36 PM, Animesh Chaturvedi 
> <animesh.chaturvedi@citrix.com> wrote:
>> 
>> Folks
>> 
>> I want to get your opinion on using static analysis tools like PMD 
>> for CloudStack to catch some of the bugs early on. Maven has a plugin 
>> for PMD  http://maven.apache.org/plugins/maven-pmd-plugin/
>> 
>> Thanks
>> Animesh
> 
> So we have Sonar (analysis.apache.org) sorta in place - doesn't mean 
> we can't do something else, but this exists.
> https://analysis.apache.org/dashboard/index/100206
> 
> --David
> 

Stratosec - Secure Infrastructure as a Service
o: 415.315.9385
@johnlkinsella


Mime
View raw message