Codecov, (or alt), for the Qubes github repos?

Hi, I saw this (codecov) on the V project repo(s).

I think this may have been mentioned on github already, (forgive me if this is a dupe), but is it worth adding Qubes to codecov, (or an alt), which automatically scans for bugs and displays a nice badge on the (github) readme, (see this),?.

Codecov say they are free for open-source. I don’t think it requires any special perms to the repo/compromises security - unless I’ve overthunk it.

This seems like a really simple way to potentially catch security bugs before they become nasty.

Just a crazy thought.


1 Like

can you take a look at this and this

Synopsys Software Security | Software Integrity Group


Pleminary thoughts (will update later).

Codacy is a no-go, (AWS), unless we can get self-hosted, (enterprise option); I have asked about pricing and will review the terms when they get in touch: (‘a few hours’).

Snyk, (there website is sooo slow - but their sales reps were so quick lol), have a ‘container’ option but appears to be networked atm, they are going to update me.EDIT: no on-premise solution, (container phones home).

While searching for synopsys (whom don’t give much away), I found sourcegraph whom look promising. They have options for open-source/non-profit so I have sent an email and I’m awaitng a response.

Checkmarx apparently have on-premise, but they are a tad like synopsys in keeping their cards close - awaiting response.

So, synopsys. Not looking great, (DRM video for sales lol), and they wanted me to hand over all my data to the devil to contact sales - so I decided not to bother.

Codecov, (project V uses this): thank you for your inquiry - someone will be in touch

I hope this helps :wink: @ppc

1 Like

AWS is very bad for privacy and security

i know that(John Hammond demo on his channel), but at the time i suggest i don’t think that bad

I thought synopsys bad because DRM video so i hide it (and it actually bad because



that great :)

1 Like

Isn’t some form of codecov in use for Qubes already? or are you talking about something different?
Codecov like what is in this recent pull request?

1 Like

That may be so @adw .?

If so, I don’t think it’s documented publicly anywhere - see: codecov - Google Suche

1 Like

Places like that pull request are also where I’ve seen it in use in this project, but I don’t know much about it beyond that. Perhaps @fepitre or @marmarek might be able to say more.

Indeed, I don’t think it’s documented. That’s probably on someone’s decades-long to-do list. :stuck_out_tongue:

1 Like