* [spitball] integrating analyzers into build systems
@ 2021-05-16 19:22 raingloom
0 siblings, 0 replies; only message in thread
From: raingloom @ 2021-05-16 19:22 UTC (permalink / raw)
To: guix-devel@gnu.org
Would it make sense to run analyzers like Infer or MyPy at build time?
Maybe have something like --with-debug, so if there is an analyzer-log
output, only then is Infer ran?
In theory these tools are more useful for developers, but it's still
potentially useful to independently analyze our software for memory
safety and other errors, but also the build might run in or target an
environment the upstream developer didn't anticipate, for example when
cross compiling, or it could just straight up be patched and not
identical to whatever upstream verified as working.
Could also just be used to scan our software for vulnerabilities.
Anyways, just throwing this out there. I don't think it would have
immediate benefits, but it could be nice in the long term.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-05-16 19:23 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-16 19:22 [spitball] integrating analyzers into build systems raingloom
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.