...
- If the ONAP project can be built from source in a single command, then Coverity can to create component maps.
- If the separate components are built individually, then each component can be submitted as a separate project.
- Coverity recommends storing the projects in a hierarchical structure in Github with the ONAP parent project referring to the project (i.e. ONAP/component_name). There are a few projects already in SCAN which Scan which follow this structure.
Restrictions on builds: (from https://scan.coverity.com/)
Maximum Lines of Code in Project | Frequency of scans |
|---|---|
| <100K lines of code | Up to 28 builds per week, with a maximum of 4 builds per day |
| 100K to 500K lines of code | Up to 21 builds per week, with a maximum of 3 builds per day |
| 500K to 1 million lines of code | Up to 14 builds per week, with a maximum of 2 build per day |
| >1 million lines of code | Up to 7 builds per week, with a maximum of 1 build per day |
Once a project reaches the maximum builds per week, additional build requests will be rejected. The submitter will be able to re-submit the build request the following week.
SCAN Scan is self-service: Coverity provides the analysis infrastructure and results, but the onus is on the submitter to submitter must provide the instrumented artifacts to analysis. Scan provides integration with TravisCI/Github.
To use Scan, the submitters will have to create an account and submit their project at https://scan.coverity.com/projects
...