* [spitball] integrating analyzers into build systems
@ 2021-05-16 19:22 raingloom
0 siblings, 0 replies; only message in thread
From: raingloom @ 2021-05-16 19:22 UTC (permalink / raw)
To: guix-devel@gnu.org
Would it make sense to run analyzers like Infer or MyPy at build time?
Maybe have something like --with-debug, so if there is an analyzer-log
output, only then is Infer ran?
In theory these tools are more useful for developers, but it's still
potentially useful to independently analyze our software for memory
safety and other errors, but also the build might run in or target an
environment the upstream developer didn't anticipate, for example when
cross compiling, or it could just straight up be patched and not
identical to whatever upstream verified as working.
Could also just be used to scan our software for vulnerabilities.
Anyways, just throwing this out there. I don't think it would have
immediate benefits, but it could be nice in the long term.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-05-16 19:23 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-16 19:22 [spitball] integrating analyzers into build systems raingloom
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).