Re: C++ static analysis tools for CII badge

Daniel Heckenberg
 

Thanks for the informative replies, Daniel and Kevin.

I'd also seen the current outage with Coverity -- hopefully that is resolved soon.
LGTM looks appealing and may be suitable for our projects.

A very specific CII badge aspect is that detection and timely remedy of CVSS v2 medium and high severity issues is required. Coverity seems to have a report generator which performs this, but I haven't seen any direct or automatic way to map other C/C++ analysis tool outputs to CVSS scores. How is this usually done?

Thanks,
Daniel
