[Gretl-devel] Re: Static code analysis of gretl
Am 24.08.2021 um 10:07 schrieb Hélio Guilherme:
Hello,
I finally got to setup a SonarCloud analysis of Gretl.
I have created a GitHub clone of the SourceForge original code, and
added a configuration for SonarCloud.
You may give a look to the analysis, but please don't lose focus on the
delivery of the new version of Gretl.
Maybe there are some insights that could help improving the code.
Thanks, Hélio, this is potentially very useful. Artur came up with a
similar (I think) automated analysis in the past, and a few code
improvements resulted from that.
OTOH, I'm sure that the true number of flaws and bugs is nowhere near
the astronomical number reported there. I'd say the artificial
intelligence there is not mature enough yet and the result needs more
filtering. But I'm especially curious about the assessment of what they
call potential security flaws.
cheers
sven