How To
Register a new ONAP project on Coverity Scan service
- Visit new project registration page.
- Fill the following info and "Submit":
- Project Name (e.g.
"onap-so")
onap-[a-z0-9]+
(avoid using "/")
- the project name will be used as a parameter for appropriate Jenkins job to submit build results
- Role - set it to
"Maintainer/Ovner"
- Language (e.g.
"Java"
) - Repository URL (e.g.
"https://git.onap.org/so/"
) - License (e.g.
"Apache"
) - Homepage URL (e.g.
"https://www.onap.org/"
) - Reference URL
- proof of your association with the project, e.g. link to your commit
- optional but highly recommended
- Additional information (e.g.
"SO is a component of Open Networking Automation Platform - an open source networking project hosted by the Linux Foundation."
)
- Project will be created immediately. We can send builds for analysis. However, access to defects report should be unlocked after the project verification by Coverity Scan admins (it usually takes a couple of working days).
- To configure a Jenkins job for automated build submission we need a Project Token. It can be found on "Project Settings" tab:
![](/download/attachments/64007011/screenshot-token.png?version=1&modificationDate=1560348059000&api=v2&effects=drop-shadow)
Use Jenkins to submit builds for Coverity Scan evaluation periodically
Add the following job project to appropriate yaml config. E.g. for SO (https://git.onap.org/ci-management/tree/jjb/so/so.yaml):
Code Block |
---|
|
- project:
name: 'so-coverity'
jobs:
- 'onap-gerrit-maven-coverity'
cron: '@daily'
build-node: 'ubuntu1604-builder-4c-4g'
project: 'so'
project-name: 'so'
branch: 'master'
mvn-settings: 'so-settings'
mvn-params: '-Dmaven.test.skip=true'
coverity-project-name: 'onap-so'
coverity-token: 'SrGGJp9T1n1lhJn2sF72XQ'
coverity-user-email: 'artem.naluzhnyy@gmail.com' |
Access defect details
- Open Coverity Scan page for your project. You can either use Coverity Scan projects search or find a direct link on appropriate Jenkins job page:
![](/download/attachments/64007011/screenshot-jenkins-job.png?version=3&modificationDate=1560342859000&api=v2&effects=drop-shadow)
- If you have not been added to the project on Coverity Scan service yet:
- Click on "Add me to project" and fill the form:
![](/download/attachments/64007011/screenshot-add-me-1.png?version=1&modificationDate=1560342368000&api=v2&effects=drop-shadow)
![](/download/attachments/64007011/screenshot-add-me-2.png?version=1&modificationDate=1560342367000&api=v2&effects=drop-shadow)
- Wait till the project administrators grant you appropriate permissions.
- Click on "View Defects":
![](/download/attachments/64007011/screenshot-add-me-3.png?version=1&modificationDate=1560342595000&api=v2&effects=drop-shadow)
Reference Coverity defect ID in commit message
Code Block |
---|
|
Coverity: CID-12345, CID-67890 |
Reduce amount of defects
Mark Coverity defect as "not-a-bug"
- Go to "Triage" section on the right panel of "View Defects" page.
- Set "Action" to "Ignore" and "Apply".
![](/download/attachments/64007011/screenshot-ignore-issue.png?version=1&modificationDate=1560334124000&api=v2&effects=drop-shadow)
If you have "Maintainer/Owner" permissions for a project:
- Go to "Project Setting" tab on project page and click "Edit".
- Check "Exclude Findbugs Defects" and "Submit".
![](/download/attachments/64007011/screenshot-findbugs-disable-1.png?version=1&modificationDate=1560337583000&api=v2&effects=drop-shadow)
![](/download/attachments/64007011/screenshot-findbugs-disable-2.png?version=1&modificationDate=1560337582000&api=v2&effects=drop-shadow)
Disable tests analysis
Modify "mvn-params" attribute of appropriate Jenkins job to skip build of the tests:
Code Block |
---|
|
- project:
name: 'so-coverity'
mvn-params: '-Dmaven.test.skip=true'
... |
See also
Jira |
---|
server | ONAP JIRA |
---|
columns | key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution |
---|
serverId | 425b2b0a-557c-3c0c-b515-579789cceedb |
---|
key | CIMAN-260 |
---|
|
- Supported programming languages
- FAQ