[squid-dev] PVS Studio

Francesco Chemolli gkinkie at gmail.com
Tue Jan 15 12:03:32 UTC 2019



> On Jan 14, 2019, at 19:11, Alex Rousskov <rousskov at measurement-factory.com> wrote:
> 
> On 1/14/19 3:20 PM, Francesco Chemolli wrote:
>> Hi all,
>>  the team behind PVS studio (static code analysis tool) has decided
>> to support FOSS projects for free (beer).
>>  https://hownot2code.com/2019/01/14/free-pvs-studio-for-those-who-develops-open-source-projects/
>>  Unless there are any concerns, I'll look into integrating our build
>> pipelines with that service in addition to Coverity.
> 
> Coverity has not been integrated into our automated testing of pull
> requests. I assume you want to look into similar-to-Coverity integration
> for PVS studio, and I would welcome that kind of integration if your
> initial tests are positive.

Coverity cannot be fully integrated in the pull request workflow: in order not to squander resources on their cloud offering, they ask (do not enforce, though) not to do more than a scan per week. In other words, what we do now is the best we can do with their free tool.
I’ve rechecked PVS studio; their ask for FOSS projects is that a comment be added to every single file acknowledging their support, and I do not think that’s a fair ask of them, so I’m stopping the effort.
I’ve looked into other similar static check tools such as Facebook’s Infer; it’s a pain in the neck to build. Clang static analyzer (https://clang-analyzer.llvm.org/) may be our best option if we want per-commit static code analysis.

	Francesco

