Anyone forming a team for this OSSF funded competition (2 yr $20M in prizes)?
Teams will need #NLP, #CyberSecurity, #StaticAnalysis and #Compiler expertise. Maybe #OpenSource project and community management experience would help too. This will likely hinge on #GOFAI algorithms like A* search, and graph querying (#AST walking). If you've written a linter you probably have the right stuff.
#ast #gofai #OpenSource #compiler #staticanalysis #CyberSecurity #nlp
I'll try something new here: We're going to have the first meeting for a #codequality group in our company of about 20 people. This will include discussions about #SoftwareTesting, #TestAutomation, #ContinuousIntegration, #StaticAnalysis, etc.
Any tips or resources on how to organize such a group? We're three people and we try to come up with a course of action to improve quality. We’re web devs using #php but that shouldn't stop you from suggesting links, etc.
Thanks!
#codequality #softwaretesting #testautomation #ContinuousIntegration #staticanalysis #php #softwarequality
Question for the Fediverse: does anyone know of static analysis tools, linters, or languages for devops pipelines to catch errors early? I mean like the pipeline that runs for an hour then fails at the last step copying a file to a non-existent directory because I forgot a mkdir :blobcatfacepalm: This seems like an error that could be caught early with the right tools. Know of any? #devops #scripting #staticanalysis #programming
🤔 Ever wonder how linters work in Go? ❓
In my latest video, I go through Denis Isaev's tutorial "Writing Useful go/analysis Linter", to learn how to build a linter myself to learn what's involved. Follow along and see if you can learn something, too...
#go #golang #staticanalysis #softwaredevelopment
I'll be live coding in just about half an hour! Join me, and watch (or help!) me build a real-world linter for #golang.
https://youtube.com/live/nnrG7RfPbz0
#livestream #youtube #livecoding #linter #staticanalysis #coding
Identify problematic areas of codebase by visualizing your application architecture—all with the magic of static analysis tools like #Madge and Dependency Cruiser.
#madge #webapplication #staticanalysis
CodeQL zero to hero part 2: getting started with CodeQL
Check it out! 👇
https://github.blog/2023-06-15-codeql-zero-to-hero-part-2-getting-started-with-codeql/
#StaticAnalysis #SecurityResearch #GithubSecurityLab #Codeql #Security
Referenced link: https://hackernoon.com/slitherin-our-very-own-slither-detectors
Discuss on https://discu.eu/q/https://hackernoon.com/slitherin-our-very-own-slither-detectors
Originally posted by HackerNoon | Learn Any Technology / @hackernoon: http://nitter.platypush.tech/hackernoon/status/1654133791546327040#m
In recent months we have been actively developing our own Slither detectors to help with code review and audit process! Check them out right now!
- https://hackernoon.com/slitherin-our-very-own-slither-detectors #solidity #staticanalysis
#actionlint is a static checker for #GitHub Actions workflow files.
actionlint-1.6.24 has been released today, and it is already available for fellow #Gentoo users in my overlay at:
https://github.com/ferki/gentoo-overlay/tree/master/dev-util/actionlint
Happy linting!
#actionlint #github #gentoo #githubactions #staticanalysis #cicd
CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research
Check it out! 👇
https://github.blog/2023-03-31-codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnerability-research/
#StaticAnalysis #SecurityResearch #GithubSecurityLab #Codeql #Security
RT @markusstaab
Detect slow queries before they hit your production database using #phpstandba extension for @phpstan
https://staabm.github.io/2022/08/16/phpstan-dba-query-plan-analysis.html
#phpstandba #php #staticanalysis
#phpstandba learnt to narrow result types when #sql joins are used.
It narrows e.g. integer ranges and also takes nullability into account.
Feedback welcome.
#phpstandba #sql #php #staticanalysis
Referenced link: https://hackernoon.com/effective-static-code-analysis-techniques-for-improving-code-quality
Discuss on https://discu.eu/q/https://hackernoon.com/effective-static-code-analysis-techniques-for-improving-code-quality
Originally posted by HackerNoon | Learn Any Technology / @hackernoon: http://nitter.platypush.tech/hackernoon/status/1633875304480649217#m
Increase the value of your static code analysis with the help of test impact analysis and predictive test selection. - https://hackernoon.com/effective-static-code-analysis-techniques-for-improving-code-quality #staticanalysis #testing
Code Analysis improvements for C++ in #VisualStudio 17.6
https://devblogs.microsoft.com/cppblog/code-analysis-improvements-in-visual-studio-17-6/
Powerful new checks to play with.
@visualc blogpost by @XazaxHun
#cpp #cplusplus #staticanalysis
What tools / services do you use that import and do something interesting with SARIF static analysis results?
For example, GitHub Code Analysis understands SARIF. There is also a VSCode viewer plugin.
Context: thinking about adding SARIF output support to Nosey Parker, the secrets detector I'm working on: https://github.com/praetorian-inc/noseyparker
A small contribution to static analysis tool #Cppcheck from Codethink engineer Michael Drake: https://github.com/danmar/cppcheck/pull/4757
#cppcheck #opensource #testing #staticanalysis #upstreamfirst
#clang's scan-build is really awesome for simple-to-set-up #StaticAnalysis: all you need is a compile-commands.json, which is easily generated by #Meson or #CMake, but also with classic #Makefiles when using bear(1). Then, just point it to the JSON and run a new build. Output is on the console as well as an HTML with a nice taint analysis of which branches need to be taken for what to happen. Trade-off benefit/time is real good.
#clang #staticanalysis #meson #cmake #makefiles
The day I'll have as much false confidence as the guys who declared clang-analyzer-cplusplus.NewDelete(Leaks) would be functional, and generally applicable...
#cplusplus #clang #staticanalysis
I'm trying to figure out the proper way to tell #Psalm that the $initial parameter in this method can be either the templated type `TCarry` or `null`. It's mostly working, but it doesn't like the `null` value. It wants to always require a value of type `TCarry`.
Any thoughts or pointers? Maybe I'm thinking about this the wrong way?
Perl::Critic users, 18 new features have been added and 7 bugs fixed in the past month, and a dependency on IO::String has been removed. #perl #StaticAnalysis