Time to drop codeql from the CI setup?

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Sat, 21 Dec 2024 15:04:39 +0100 (CET)

Hello curlonauts!

We started using codeql for static code analysis in 7183f5acc3d7ca39,
June 2020.

Since then, not a single commit has been merged into the source code
repository citing codeql as source or reason. Yet, it keeps getting updated
and we get constant reminders to upgrade the pinning of it to the latest hash.

During 4.5 years with intense development and significant code churn. While
Coverity, scan-build and CodeSonar have helped us point out many mistakes,
codeql has remained silent (or had false positives).

For this little gain, I think we spend a disproportionate amount of work on
codeql maintenance.

My PR => https://github.com/curl/curl/pull/15798

Thoughts?

-- 
  / daniel.haxx.se || https://rock-solid.curl.dev
Received on 2024-12-21