Nordic SDK Static Analysis issue handling

Hi Nordic Team,

Our dev environment is as follows:

nrf52840 + s140 +SD7.0.1 + SDK17.0.0.9 + SES

We recently evaluated our cyber-security threats and also ran Coverity Static Analysis Tool on our project.

There are multiple "High" severity reportings from coverity tool for the files in SDK.

Is there a way we can report it to Nordic and Nordic team can provide us the fixes/workaround or justifications to ignore or report them as false positives?

Regards,

PriyeshN

Someshwara Chary

Parents

0 Vidar Berg over 4 years ago

Hello,

I recommend you review the high severity ones and evaluate whether they are a valid and if you think they may pose a risks to your application. Also feel free to let us know if you identify bugs you deem critical so we can consider them if we do a new SDK release.

Please keep in mind that the nRF5 SDK is currently in maintenance mode as stated here: nRF Connect SDK and nRF5 SDK statement

Best regards,

Vidar
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Vidar Berg over 4 years ago

Hello,

I recommend you review the high severity ones and evaluate whether they are a valid and if you think they may pose a risks to your application. Also feel free to let us know if you identify bugs you deem critical so we can consider them if we do a new SDK release.

Please keep in mind that the nRF5 SDK is currently in maintenance mode as stated here: nRF Connect SDK and nRF5 SDK statement

Best regards,

Vidar
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data