Coverity Scan #51

Open
CFAndy opened this issue Dec 29, 2018 · 3 comments

@CFAndy
Contributor

CFAndy commented Dec 29, 2018

Hi Vincent @aranega
Do you have a plan to register pyecore at https://scan.coverity.com ? The static scan tool is free for open source projects and should be helpful in reducing the security risk due to small code errors.
I have done some offline scans of pyecore with an open source tool from Red Hat. But a scan report from Coverity will always greatly uplift the security reputation of an open source project. This is just a soft suggestion. Again, thanks a lot for the contribution on this project!
-Andy

@aranega
Member

aranega commented Dec 29, 2018

Hi @CFAndy ,

Thanks for the suggestion and the kind words! I will try the project you proposed. Currently, I use Codacy, which gives nice feedback, but I'm always eager to find new tools to improve PyEcore security and code quality! (I also tried some mutation analysis in order to improve the quality of the tests, but I'm still not convinced by the technique for generalist languages).

@CFAndy
Contributor Author

CFAndy commented Jan 2, 2019

Hi Vincent @aranega
Codacy is also great. Could it give a static report which could be linked in the webpage of this project?
-Andy

@aranega
Member

aranega commented Jan 2, 2019

@CFAndy No problem! Here is the link: https://www.codacy.com/app/aranega/pyecore.
All is not green, but they are wanted side effects. I will work on a better design for some sooner or later.
I also added a badge on the README.rst file with a quick access to the page (only on develop for now).

I've started to configure the project for Coverity Scan, but I had some struggles with the tool that you need to use offline. As soon as I have more time, I will try anyway; it's always interesting to have feedback!
