Hi everyone,

I would like to ask whether there is interest in the Project in integrating static code analysis tools with the rest of CI on the TF-M code base. To the best of my knowledge, this is not available today. In short, a simple process would involve maintaining and running static analysis checking (e.g. using Coverity or any other licensed tool) in nightly/weekly/etc. CI runs, reporting the found issues in the Project, triaging them, and tracking the progress of fixing the issues that are identified as real bugs. Has this topic been raised already in the Project? If not, is this something the project members would consider adding as part of the TF-M Project QA/release process?

Thanks!

Ioannis Glaropoulos

Nordic Semiconductor