Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider Adding Code Auditing Tooling #519

Open
popescu-v opened this issue Jan 9, 2025 · 1 comment
Open

Consider Adding Code Auditing Tooling #519

popescu-v opened this issue Jan 9, 2025 · 1 comment
Labels
Type/DevChore Non user facing changes: Refactorings, CI/CD, Tooling

Comments

@popescu-v
Copy link
Collaborator

Description

Several tools could be used to this end, in the GitHub CI and locally:

  • Valgrind (memcheck, --leak-check=yes, ...),
  • ASan (gcc or clang with --fsanitize=address)
  • UBSan (gcc or clang with --fsanitize=undefined),
  • Checkmarx,
  • SonarQube,
  • etc.

The goal of this issue is to come with:

  • a set of auditing tools to be used,
  • their appropriate configuration (to reduce reporting noise),
  • their automation in the GitHub CI

Context

  • Khiops version: >= 11
@popescu-v popescu-v added the Type/DevChore Non user facing changes: Refactorings, CI/CD, Tooling label Jan 9, 2025
@popescu-v popescu-v mentioned this issue Jan 9, 2025
Open
@sgouache
Copy link
Contributor

Adding Snyk (free) to the candidates list.
For an example of usage of ASan/UBSan you may take a look at the driver repos.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type/DevChore Non user facing changes: Refactorings, CI/CD, Tooling
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sgouache @popescu-v