Re: Time to drop codeql from the CI setup?
From: Dan Fandrich via curl-library <curl-library_at_lists.haxx.se>
Date: Sat, 21 Dec 2024 11:33:43 -0800
On Sat, Dec 21, 2024 at 03:04:39PM +0100, Daniel Stenberg via curl-library wrote:
> We started using codeql for static code analysis in 7183f5acc3d7ca39,
> June 2020.
>
> Since then, not a single commit has been merged into the source code repository citing codeql as
> source or reason. Yet, it keeps getting updated and we get constant reminders to upgrade the
> pinning it to the latest hash.
There have been 158 issues raised by CodeQL in that time. Every single one of
them was closed as "false positive" or "won't fix". So, I think you're onto
something.
Dan
Received on 2024-12-21