nthdimtech / signet-base

Signet firmware and device interface library
https://www.crowdsupply.com/nth-dimension/signet
GNU General Public License v3.0

Add automated static analysis of the whole code base #18

Open dumblob opened 6 years ago

dumblob commented 6 years ago

Signet firmware is security software and therefore it should itself be very thoroughly tested. I would recommend automated static analysis for each commit. We have e.g. the following available:

  1. Clang analysis
  2. Coverity scan
  3. PVS-Studio check (https://www.viva64.com/en/pvs-studio/)
  4. Debian testing (it's automatically regularly run once a Debian package is available - so it's rather for all the other Signet SW than Signet firmware)
  5. something else?

These all shall be free of charge for open source projects.