Depfu Reviews

Coverity Scan Reviews

Depfu mentions (4)

• The what and why of CI

  For everyone that has read my article about the demonstration of security flaws already knows how bad things can turn out, because a library has issues. If I would need to summarize this topic into one word: Log4Shell. The problem with 3rd party software is: When they mess up (security wise), your software can be affected. Luckily, often times libraries give their best to fix those exploits as quickly as... - Source: dev.to / over 1 year ago

• Rubocop Ruby Matrix Gems

  Compounding factor #4: Dependency greening tools, like GitHub's dependabot, or the excellent alternatives depfu, and renovate will all send a PR whenever a new version of rubocop comes out, asking to upgrade from ancient to hot-right-now. While this is often a non-starter for a library, the repeated invalid PRs can be a time sink, and a distraction. - Source: dev.to / about 2 years ago

• Best practice: should I specify versions in Gem file?

  In terms of triggering upgrades, we have depfu/dependabot monitoring our dependencies for us. (Adopted depfu first, but dependabot is now baked into Github.) Its then a case of:. Source: over 2 years ago

• Use depfu and Mergify to automatically merge dependency updates

  For some time, I have updated the projects manually, however this became way too time consuming. Enter depfu, a free (for open source projects) service that keeps your project's dependencies up-to-date by proposing pull requests (PRs) whenever there's a new dependency version. Renovate is a similar service, and would work the same for the purpose of this tutorial. Depfu has made my life much easier – it... - Source: dev.to / about 3 years ago

Coverity Scan mentions (4)

• I created this point of sale system for restaurants and hospitality. The All-In-One has a 15.6" touchscreen running a Raspberry Pi Compute Module 4L and is made by Chipsee in Bejing, China. I'm helping a friend install it in a restaurant on the St. Lawrence River where he is the Executive Chef.

  You can use Coverity for free on open source code. I use it on an app I open sourced for packet processing. https://scan.coverity.com/. Source: over 2 years ago

• Free for dev - list of software (SaaS, PaaS, IaaS, etc.)

  Scan.coverity.com — Static code analysis for Java, C/C++, C# and JavaScript, free for Open Source. - Source: dev.to / almost 3 years ago

• CDN dollar just hit 6 year high.

  I personally remember Coverity Scan being completely offline for like 6 months while they tried to deal with infrastructure abuse from people mining bitcoin on their computing clusters. Source: about 3 years ago

• GCC 10.3 has been released

  > Does anyone know any good static analysers other than gcc's or clang's? Visual C++ as well, because since the XP SP2 issues, Microsoft has come up with SAL, which you can also use on your own code, https://docs.microsoft.com/en-us/cpp/code-quality/using-sal-annotations-to-reduce-c-cpp-code-defects?view=msvc-160 Then specialized tooling just for this purpose, just two examples, https://scan.coverity.com/... - Source: Hacker News / about 3 years ago