#staticanalysis — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #staticanalysis, aggregated by home.social.
-
We released 1.2.0 of event-sourcing-phpstan-extension! See here for the changelog: https://github.com/patchlevel/event-sourcing-phpstan-extension/releases/tag/1.2.0
#PHP #DDD #EventSourcing #PHPStan #StaticAnalysis -
We released 3.2.0 of event-sourcing-psalm-plugin! See here for the changelog: https://github.com/patchlevel/event-sourcing-psalm-plugin/releases/tag/3.2.0
#PHP #DDD #EventSourcing #Psalm #StaticAnalysis -
One Open-source Project Daily
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://github.com/anchore/syft
#1ospd #opensource #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #sbom #spdx #staticanalysis #tool -
Now @emilysamp from #Shopify speaks about one of the most controversial topics in #RubyProgramming: #Types (and 🍦 @sorbet_ruby for that matter).
https://railsatscale.com/2025-04-23-rbs-support-for-sorbet/
Remember that you can easily generate type definitions with Tapioca:
https://github.com/Shopify/tapioca
#brightonruby2025 #brightonruby #types #staticanalysis #prism #sorbet #lsp #RubyLSP #gradualtyping #typesignatures #tapioca
-
🚀 Going to ISC 2025? Join us for “GORC: A Graph Neural Network-Based Static Data Race Checker for OpenMP”
📅 June 12 | 🕐 13:25–13:50 | 📍 Hall F, 2nd Floor, Hamburg Congress Center
Speakers Anh Tran & Ignacio Laguna unveil GORC, a novel GNN-based race checker trained on PrograML graphs.
GORC achieves higher recall than LLOV and handles incomplete programs, outperforming current ML-based tools.
https://isc-hpc.com/program/schedule
#ISC25 #OpenMP #DataRace #HPC #StaticAnalysis #GraphNeuralNetwork
-
One static analysis tool tells me to use `lstat` and `fstat` to avoid (or at least detect) malicious replacement of a file that I `open`. Then, after doing this, my other static analysis tool complains that I’ve introduced a TOCTOU (time-of-use, time-of-check) between `lstat` and `open`.
Sure, but I’m going to detect that. Real issue I have with all of this is that there’s still a window (which I estimate to be about the same size in both versions of this program) between creating this pseudoterminal file and the next interaction I have with it (be that pulling file stats with `lstat` or `open`ing it).
#SemGrep #Coverity #StaticAnalysis #Programming #C -
Dylint - Run #Rust lints from dynamic libraries:
https://github.com/trailofbits/dylint
"Dylint is a Rust linting tool, similar to Clippy. But whereas #Clippy runs a predetermined, static set of lints, Dylint runs #lints from user-specified, dynamic libraries. Thus, Dylint allows developers to maintain their own personal lint collections."
Looks like a really cool project!
-
"Custom PHPStan Rules: Automate Standards and Save Time" will be Dave Liddament's talk at phpday25.
#phpday25 #PHP #Staticanalysis #improvement #PHPStan
--------
phpday - 22nd edition
The annual gathering for developers, professionals, and PHP enthusiasts.
The conference is powered by @grusp
📍Verona (Italy) | 📆 May 15-16, 2025
Tickets https://bit.ly/41J6UP3 -
Your #IDE spots errors before you even hit run. But HOW? Explore the hidden world of #StaticAnalysis — where grammars, parse trees & #ASTs rule. @martin_fmi breaks it all down. Read: https://javapro.io/2025/02/04/the-art-of-static-code-analysis/
-
Updating (#PHP) packages to @reactphp Promise v3, and test your types with @phpstan: https://blog.wyrihaximus.net/2024/06/updating-php-packages-to-reactphp-promise-v3--and-test-your-types-with-phpstan/
#php #reactphp #phpstan #staticanalysis #template #strongtyping
-
Do you want Infrastructure as Code security? :kubernetes: :github: :microsoft:
Do you use CodeQL to scan your code (which is, btw, free for open source code)?
From today you can use #CodeQL to scan it, using a new open source package written by my team mate @geekmasher
Scan #Terraform, #GitHubActions, #HelmChart, and #AzureBicep, with more in progress.
#IAC #InfrastructureAsCode #SAST #CodeSecurity #CodeSmells #StaticAnalysis #GitHub #AdvancedSecurity
-
Basic Static Analysis - I have just completed this room! Check it out: https://tryhackme.com/room/staticanalysis1 #tryhackme #security #blueteam #malwareanalysis #reverseengineering #windows #pe #staticanalysis #hashes #strings #stringsearch #yara #staticanalysis1 via @RealTryHackMe
-
What tools / services do you use that import and do something interesting with SARIF static analysis results?
For example, GitHub Code Analysis understands SARIF. There is also a VSCode viewer plugin.
Context: thinking about adding SARIF output support to Nosey Parker, the secrets detector I'm working on: https://github.com/praetorian-inc/noseyparker
-
Did you know Clang 9 comes packed with over 300 clang-tidy checks? 130 even have auto-fixes.
Check what these can do for your codebase, with @clangpowertools
https://clangpowertools.com
#clang
#LLVM
#cpp
#tidy
#visualstudio
#modernize
#staticanalysis