Thank you!
Makes total sense.
I’d like to tailor the reports to what maintainers need: some like having reproducers and suggested fixes, others would prefer just a short description and code locations. I’ve got some feedback from them that will allow customizing some reports; I should make asking for this feedback the SOP. And verbosity is something we can surely adapt.
The reports are meant to separate confirmed bugs from code quality suggestions, and to keep false positives to the lowest possible.
Not all bugs the tools find are testable, but we try to reproduce them all and explain why some aren’t possible: simplejson C Extension Analysis Report · GitHub. When maintainers ask me to open PRs, I add tests where possible. Making the reproducers themselves tests (in the correct style for the project) is better. I’ll do that, thanks!
That’d be very informative and I think simple to implement, I’ll give it a try.
I do that locally and include the steps in the report, but doing it in CI seems like the next logical step.
Thank you very much for your feedback!