submitted 1 year ago by nutomic@lemmy.ml to c/announcements@lemmy.ml
[-] nutomic@lemmy.ml 6 points 1 year ago

All the code is open source, everyone is welcome to look through it for potential problems and report/fix them. We don't have any money to pay for a professional audit. Maybe there are some organizations which would do audits of open source projects for free, might be worth searching for.

[-] Zeth0s@lemmy.world 3 points 1 year ago

We use SonarQube for code analysis that is pretty nice and has a community edition. It isn't a bulletproof solution, but it is pretty convenient for maintainers and reviewers of PRs. The only thing missing from the enterprise edition is useless flashy dashboards to show to people who don't understand computers.

[-] lowleveldata@programming.dev 0 points 1 year ago

I do have a SonarQube server somewhere around. Is it considered an annoying behavior to scan an open source project and open issues for others to fix?

[-] nutomic@lemmy.ml 1 points 1 year ago

That depends; it would be annoying if you open lots of issues for minor, unimportant issues. But if you find a few major problems it's good to report them. Of course it's always ideal if you submit fixes as well, because there are never enough devs.

[-] lowleveldata@programming.dev 1 points 1 year ago

I'm way too lazy to code when I'm off work.

[-] JoeKrogan@lemmy.world 1 points 1 year ago

I think it's better to detect something early even if there is not a fix, as it at least can be triaged and others can fix it if the original reporter is unable to devote the time or whatever.

this post was submitted on 11 Jul 2023
180 points (100.0% liked)