Versions Compared

Old Version 29

changes.mady.by.user Artem Naluzhnyy

Saved on

compared with

New Version 30

changes.mady.by.user Artem Naluzhnyy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Note

There is a major Coverity Scan service upgrade scheduled beginning June 17, 15:00 UTC. The service may go offline or read-only for a few days.


Panel

Table of Contents

How To

Register a new ONAP project on Coverity Scan service

Info
titleSee also

Quick Start guide

  1. Visit new project registration page.
  2. Fill the following info:
    • Project Name (e.g. "onap-so")
      • onap-[a-z0-9]+ (avoid using "/")
      • the project name will be used as a parameter for appropriate Jenkins job to submit build results
    • Role - set it to "Maintainer/Ovner"
    • Language (e.g. "Java")
    • Repository URL (e.g. "https://git.onap.org/so/")
    • License (e.g. "Apache")
    • Homepage URL (e.g. "https://www.onap.org/")
    • Reference URL
      • proof of your association with the project, e.g. link to your commit
      • optional but highly recommended
    • Additional information (e.g. "SO is a component of Open Networking Automation Platform - an open source networking project hosted by the Linux Foundation.")
      • optional
  3. Project will be created immediately. We can send builds for analysis. However, access to defects report should be unlocked after the project verification by Coverity Scan admins (it usually takes a couple of working days).
  4. To configure a Jenkins job for automated build submission we need a Project Token. It can be found on "Project Settings" tab:

Use Jenkins to submit builds for Coverity Scan evaluation periodically

Add the following job project to appropriate yaml config. E.g. for SO (https://git.onap.org/ci-management/tree/jjb/so/so.yaml):

Code Block
languageyml
themeRDark
- project:
    name: 'so-coverity'
    jobs:
      - 'onap-gerrit-maven-coverity'
    cron: '@daily'
    build-node: 'ubuntu1604-builder-4c-4g'
    project: 'so'
    project-name: 'so'
    branch: 'master'
    mvn-settings: 'so-settings'
    mvn-params: '-Dmaven.test.skip=true'
    coverity-project-name: 'onap-so'
    coverity-token: 'SrGGJp9T1n1lhJn2sF72XQ'
    coverity-user-email: 'artem.naluzhnyy@gmail.com'

Access defect details

  1. Open Coverity Scan page for your project. You can either use Coverity Scan projects search or find a direct link on appropriate Jenkins job page:
  2. If you have not been added to the project on Coverity Scan service yet:
    1. Click on "Add me to project" and fill the form:

    2. Wait till the project administrators grant you appropriate permissions.
  3. Click on "View Defects":

Reference Coverity defect ID in commit message

Code Block
languagetext
themeRDark
Coverity: CID-12345, CID-67890

Reduce amount of defects

Info
titleSee also

Tune your project

Mark Coverity defect as "not-a-bug"

  1. Go to "Triage" section on the right panel of "View Defects" page.
  2. Set "Action" to "Ignore" and "Apply".

Disable Findbugs defects

If you have "Maintainer/Owner" permissions for a project:

  1. Go to "Project Setting" tab on project page and click "Edit".
  2. Check "Exclude Findbugs™ Defects" .

Disable tests analysis

Modify "mvn-params" attribute of appropriate Jenkins job to skip build of the tests:

Code Block
languageyml
themeRDark
- project:
    name: 'so-coverity'
    mvn-params: '-Dmaven.test.skip=true'
    ...

See also