Re: [jetty-dev] Static analysis scan

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-dev] Static analysis scan

From: Andrew Ross <andrew.ross@xxxxxxxxxxx>
Date: Mon, 10 Dec 2012 11:50:37 -0500
Delivered-to: jetty-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-dev>
List-help: <mailto:jetty-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-dev>, <mailto:jetty-dev-request@eclipse.org?subject=unsubscribe>
Organization: Eclipse Foundation
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121016 Thunderbird/16.0.1

Nah, just my nature to be discrete as a default as things are getting started.

They are:
Checkmarx
http://www.checkmarx.com/

Good folks, and very keen to support the community.

I hear you re: vendor neutrality. It's a major pain, no question. It's also an important tenet in our governance. I believe there's good potential to help them help the community, give them the rightful good will and visibility they deserve, and yet still balance vendor neutrality.

The basic idea is they scan the code and the data is provided so that projects can easily get to it and use it to fix issues. We're figuring out where the data will be hosted, how it gets updated, and so forth.

Andrew

On 12/10/2012 11:30 AM, Jesse McConnell wrote:

Is the eclipse governance so onerous that we can't even say who the company/team/product is on a mailing list? :)

I find the hoops that we have to jump through just to use something that someone wants to give us for free shocking...you mailed this out literally moments after I pinged the issue about YourKit licensing for an update.

So anyway...yes we are interested in knowing more.

cheers,

jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx

On Mon, Dec 10, 2012 at 10:21 AM, Andrew Ross <andrew.ross@xxxxxxxxxxx> wrote:

Hi Everyone,

A company has approached with interest to use their static analysis software to scan Eclipse projects and provide the data to help the community.

Our governance requirement for vendor neutrality limits our ability to run their software on Foundation hardware, even if they offer it for free. The team at this company have offered to run it on their hardware and and provide the data back for the betterment of Eclipse projects.

I wanted to check with you to see if the Jetty project might be interested in participating in this?

If there's interest, I'll provide more information and facilitate the next steps. For what it's worth, this firm is also signing up as a member to support the Foundation & community.

Regards,

Andrew

Follow-Ups:
- Re: [jetty-dev] Static analysis scan
  - From: Jesse McConnell

References:
- [jetty-dev] Static analysis scan
  - From: Andrew Ross
- Re: [jetty-dev] Static analysis scan
  - From: Jesse McConnell

Prev by Date: Re: [jetty-dev] Static analysis scan
Next by Date: Re: [jetty-dev] Static analysis scan
Previous by thread: Re: [jetty-dev] Static analysis scan
Next by thread: Re: [jetty-dev] Static analysis scan
Index(es):
- Date
- Thread

Breadcrumbs