Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Sure, but if the code is already hosted on a public git, it would be more convenient if you could simply clone it.


There's a bit more to it. It's not enough to point Code Spotter / Coverity to a pile of code, it needs to observe the actual build in order to know precisely what is built and how it is built. While for some projects you can extract that information from the build files (e.g., maven poms), there are cases where this will fail. (For example, when the build generates some of the source files.) The most reliable way to understand how a project is constructed is to observe an actual build.

This is particularly true for C/C++ and C#, which are not yet supported on Code Spotter, but will be in the future. This precise understanding of a project's composition is one of the many reasons Coverity false positive rate is relatively low.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: