
The first step is to analyze the history of the code quality using a static analysis tool. Was a serious bug fixed with a minor version bump? When a major version bump is made, how many new serious bugs does this OSS gain?
This analysis cannot be based on the number of bug fixes. It needs a static analysis tool to measure the bugs that remain unfixed in each version.
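The comparison described above, as an added example that is not part of the original page: it takes one static-analysis report per release (constructed here in SARIF 2.1.0 shape; the analyzer name, rule ids, file paths and fingerprints are made-up sample values, not output of any real tool), matches findings between consecutive releases by rule id plus fingerprint so that a defect whose line number moved is still recognized, and reports how many serious findings were fixed, newly introduced, or carried over unfixed at each version step.

```python
"""Track fixed / new / unfixed serious static-analysis findings across releases.

Added example. Input is one SARIF 2.1.0-shaped report per release; the sample
reports below are constructed, not produced by a real analyzer.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# SARIF result levels are "error", "warning", "note", "none"; treat "error" as serious.
SERIOUS_LEVELS = {"error"}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    fingerprint: str  # stable identity for one defect across releases
    level: str
    path: str


def load_findings(sarif_text: str) -> Set[Finding]:
    """Parse the results of every run in a SARIF document into Finding objects."""
    doc = json.loads(sarif_text)
    out = set()
    for run in doc.get("runs", []):
        for r in run.get("results", []):
            fp = r.get("partialFingerprints", {}).get("primaryLocationLineHash")
            if fp is None:
                # Tool emitted no fingerprint: fall back to rule id + message text.
                fp = r["ruleId"] + ":" + r["message"]["text"]
            loc = r["locations"][0]["physicalLocation"]["artifactLocation"]["uri"]
            out.add(Finding(r["ruleId"], fp, r.get("level", "warning"), loc))
    return out


def diff_releases(prev: Set[Finding], curr: Set[Finding], serious_only: bool = True) -> Dict[str, list]:
    """Classify findings as fixed (gone), new (appeared) or unfixed (still present)."""
    if serious_only:
        prev = {f for f in prev if f.level in SERIOUS_LEVELS}
        curr = {f for f in curr if f.level in SERIOUS_LEVELS}
    p = {(f.rule_id, f.fingerprint) for f in prev}
    c = {(f.rule_id, f.fingerprint) for f in curr}
    return {"fixed": sorted(p - c), "new": sorted(c - p), "unfixed": sorted(p & c)}


def release_history(versions: List[Tuple[str, str]]) -> List[Tuple[str, int, int, int]]:
    """For releases ordered oldest first, return (tag, fixed, new, unfixed) per step."""
    rows, prev = [], None
    for tag, text in versions:
        cur = load_findings(text)
        if prev is not None:
            d = diff_releases(prev, cur)
            rows.append((tag, len(d["fixed"]), len(d["new"]), len(d["unfixed"])))
        prev = cur
    return rows


# ---- constructed sample reports (hypothetical analyzer, rules, paths) ----
def _result(rule: str, fp: str, level: str, uri: str) -> dict:
    return {"ruleId": rule, "level": level, "message": {"text": rule},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}}}],
            "partialFingerprints": {"primaryLocationLineHash": fp}}


def _sarif(results: list) -> str:
    return json.dumps({"version": "2.1.0", "runs": [
        {"tool": {"driver": {"name": "constructed-analyzer"}}, "results": results}]})


SAMPLE_VERSIONS = [
    ("v1.0.0", _sarif([_result("NULL_DEREF", "a1", "error", "src/net.c"),
                       _result("USE_AFTER_FREE", "b2", "error", "src/buf.c"),
                       _result("UNUSED_VAR", "c3", "warning", "src/util.c")])),
    # minor bump: the use-after-free was fixed, the null dereference remains
    ("v1.1.0", _sarif([_result("NULL_DEREF", "a1", "error", "src/net.c"),
                       _result("UNUSED_VAR", "c3", "warning", "src/util.c")])),
    # major bump: two new serious findings, the old one still unfixed
    ("v2.0.0", _sarif([_result("NULL_DEREF", "a1", "error", "src/net.c"),
                       _result("BUFFER_OVERFLOW", "d4", "error", "src/parse.c"),
                       _result("INTEGER_OVERFLOW", "e5", "error", "src/parse.c")])),
]

if __name__ == "__main__":
    for tag, fixed, new, unfixed in release_history(SAMPLE_VERSIONS):
        print(f"{tag}: fixed={fixed} new={new} unfixed={unfixed}")
```

Counting only the "unfixed" column over time gives the trend the page is after: a minor release that leaves it flat while fixing nothing serious, or a major release that raises "new" sharply, is visible without relying on the project's own bug-fix counts.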


Focus points:

  • Which tool is trusted in the world?
  • Which tools can accurately detect bugs? (code analysis only, excluding CVE check)
  • Which tools can accurately detect known defects (CVE)?
Example: https://scan.coverity.com/projects

→ would this require the project to be FOSS?
