It appears that Coverity already provides the service free to Open Source projects. All that is required is to sign up for this at:
---
Steve H.
From: LeMay.Steve [mailto:Steve.Lemay@IGT.com]
Sent: Thursday, December 04, 2014 10:56 AM
To: boost-users@lists.boost.org
Subject: Re: [Boost-users] Using static code checkers against the Boost code base
Or maybe help to get Coverity to scan Boost as part of the open source static analysis efforts (if they don’t already).
SGL
From: Boost-users [mailto:boost-users-bounces@lists.boost.org] On Behalf Of Hickman, Steve (AdvTech)
Sent: Thursday, December 04, 2014 10:31 AM
To: boost-users@lists.boost.org
Subject: [Boost-users] Using static code checkers against the Boost code base
I don’t know if there is a policy yet on using static code checkers on the Boost code base as part of the release cycle. Given that the Visual Studio 2012 Analyzer tool I’m using just picked up 3 issues in the 1.57 release (I’ve posted TRAC items on them already), I suspect not.
I would like to encourage such a policy. Boost is, among other things, about quality. This is a way to enhance quality. For people like me who work in safety-critical fields, it is vital. I cannot use Boost libraries if they can’t be certified. Static analyzers can help ensure quality, which makes it easier to qualify these tools.
There are many tools available. Some, like CppCheck, are open source. Others are built into development environments (aforementioned VS Analyzer, Clang tools, etc.). Further, I suspect that tool vendors could be convinced it would be good PR to have their tools used by Boost, so I suspect even those with paid licenses can be made available for free.
Steve Hickman
System Architect, Flight Deck of the Future
480-236-8367