klockwork source code analysis

Auke Kok sofar at foo-projects.org
Tue Aug 1 16:48:22 CEST 2006 


klockwork delivered! we now have an active account and there's already bugs 
waiting. I'll need a delegate who will do the bugtracking from now on (our own 
Adrian Bunk of Xfce ;^)) so that someone with *time* can work on it.

Please note that all that klockwork asks is that we give them credit in the 
form of (e.g.) a commit message ("Found by Klockwork"). I suggest that we put 
them on the website with a link ("Xfce uses Klockwork to analyze its source 
code" or something similar.)

if there are interested people then they should step forward. This may be a 
good starting point for a new developer, but all others should somehow look at 
this too, so we need someone to report out to everyone.

Cheers,

Auke


-------- Original Message --------
Date: Tue, 1 Aug 2006 09:29:45 -0400
From: Adam Harrison <adam.harrison at klocwork.com>
To: <sofar at foo-projects.org>

Hello Auke,


My name is Adam Harrison and I am now the Technical Lead for the Open
Source Project at Klocwork.  We successfully analyzed XFce
Here's a summary of what we found:
- 284 defects
- 53 security vulnerabilities

I've attached a short .pdf presentation that walks through how to use
our Project Central interface.  Note: since we've only run one build, to
see the defects you'll only need to select 'New' state, along with a
status of 'Analyze.'  These defects will only then be slotted into the
'Existing' state after any future builds.  You can go through and
inspect them using the web interface and I recommend the following
status convention:

(1) Real Bugs -> put in 'Fix' (or 'Fix in Next Release')
(2) False Reports -> place in 'Not a Problem'
(3) Technically correct, by you're not interested/concerned -> place in
'Filter' (this way you won't see them again in future builds)

Your login to the site is:
https://opensource.klocwork.com <https://opensource.klocwork.com/>
u/n:  [XXXXXXXXXX]
p/w:  [XXXXXXXXXX]

You mentioned in a previous e-mail that you may wish for another user to
be able to access the results.  That is not a problem, if/when you want
that just e-mail me the person's e-mail and name and we'll set up an
account for him/her.

Klocwork would appreciate credit for any bugs that make it into your fix
process - let me know if you have any questions/comments.  Good luck,
enjoy!

Best Regards,
Adam


Adam Harrison
adam.harrison at klocwork.com
613-836-8899 ex. 212
www.klocwork.com <http://www.klocwork.com/>

More information about the Xfce4-dev mailing list