CII Best Practices Badge Status

[Andrew Johnson <anj@aps.anl.gov>]

We're very close to getting this badge, now 97% there:
    https://bestpractices.coreinfrastructure.org/projects/227
I added the badge link to the
http://www.aps.anl.gov/epics/base/index.php page.

The following mandatory items remain unmet:

> Basics : Other
> 
> Requirement:
> The project sites (website, repository, and download URLs) MUST
> support HTTPS using TLS.
> Detail:
> 
> Project's Comments:
> The Launchpad pages and Bazaar repository and the main website's
> wiki and downloads areas are available using HTTPS; other purely
> informational parts of the main website are currently HTTP-only.

> Analysis : Static code analysis
> 
> Requirement:
> At least one static code analysis tool MUST be applied to any
> proposed major production release of the software before its release,
> if there is at least one FLOSS tool that implements this criterion in
> the selected language.
> 
> Project's Comments:
> Some of the static analysis tools that we have tried in the past were
> not able to work properly with the EPICS Build system, and some of
> our code constructs can also confuse static analysis tools. When we
> have time we will try some newer tools.


I am working on #1. I should be able to switch the whole website to our
https: server with comprehensive redirects from the http: server
relatively easily, but have to ensure that the mailing list archive
configuration gets switched at the same time so I have to coordinate
that with a couple of guys in our IT group.

Does anyone have recent experience with static code analysis tools?
There are examples and links under the "show details" area for this
section of the Best Practices page. I could use some help here.

- Andrew

-- 
Arguing for surveillance because you have nothing to hide is no
different than making the claim, "I don't care about freedom of
speech because I have nothing to say." -- Edward Snowdon