Warning! Major Coverity Scan service upgrade is scheduled for June 2019. It may go offline for a few days.

Note: Coverity Scan service upgrade is in progress - the service may go offline or read-only.


Tip: Presentation on ONAP Joint Subcommittee Meeting, Antwerp '2019: "ONAP static code analysis by Coverity Scan service - Introduction and setup - Artem Naluzhnyy.pdf" (presentation video)


Coverity Scan results

| Repository | Coverity Scan status & results | Jenkins job (see also All-Coverity view) |
|---|---|---|
| aaf/authz | <a href="https://scan.coverity.com/projects/onap-aaf-authz"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18975/badge.svg"/></a> | |
| aaf/cadi | <a href="https://scan.coverity.com/projects/onap-aaf-cadi"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18976/badge.svg"/></a> | |
| ccsdk/apps | <a href="https://scan.coverity.com/projects/onap-ccsdk-apps"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/19295/badge.svg"/></a> | |
| ccsdk/dashboard | <a href="https://scan.coverity.com/projects/onap-ccsdk-dashboard"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/19297/badge.svg"/></a> | |
| clamp | <a href="https://scan.coverity.com/projects/onap-clamp"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18706/badge.svg"/></a> | |
| multicloud/k8s | Note: Golang support will be ported from the commercial Coverity tool to Coverity Scan service later. <a href="https://scan.coverity.com/projects/onap-multicloud-k8s"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18708/badge.svg"/></a> | |
| multicloud/openstack | <a href="https://scan.coverity.com/projects/onap-multicloud-openstack"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18977/badge.svg"/></a> | |
| policy/apex-pdp | <a href="https://scan.coverity.com/projects/onap-policy-apex-pdp"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18756/badge.svg"/></a> | |
| policy/engine | <a href="https://scan.coverity.com/projects/onap-policy-engine"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18755/badge.svg"/></a> | |
| portal | <a href="https://scan.coverity.com/projects/onap-portal"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18696/badge.svg"/></a> | portal-coverity |
| portal/sdk | <a href="https://scan.coverity.com/projects/onap-portal-sdk"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/19032/badge.svg"/></a> | |
| sdc | <a href="https://scan.coverity.com/projects/onap-sdc"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18677/badge.svg"/></a> | |
| sdc/dcae-d/dt-be-property | <a href="https://scan.coverity.com/projects/onap-sdc-dt-be-property"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18676/badge.svg"/></a> | |
| sdc/dcae-d/fe | <a href="https://scan.coverity.com/projects/onap-sdc-dcae-d-fe"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18612/badge.svg"/></a> | |
| so | <a href="https://scan.coverity.com/projects/onap-so"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18187/badge.svg"/></a> | so-coverity |


How To

Register a new ONAP project on Coverity Scan service

See also: Quick Start guide

  1. Visit the new project registration page.
  2. Fill in the following info:
    • Project Name (e.g. "onap-so")
      • must match onap-[a-z0-9-]+ (avoid using "/")
      • the project name will be used as a parameter for the appropriate Jenkins job to submit build results
    • Role - set it to "Maintainer/Owner"
    • Language (e.g. "Java")
    • Repository URL (e.g. "https://git.onap.org/so/")
    • License (e.g. "Apache")
    • Homepage URL (e.g. "https://www.onap.org/")
    • Reference URL
      • proof of your association with the project, e.g. link to your commit
      • optional but highly recommended
    • Additional information (e.g. "SO is a component of Open Networking Automation Platform - an open source networking project hosted by the Linux Foundation.")
      • optional
  3. The project will be created immediately, and builds can be sent for analysis right away. However, access to the defects report will be unlocked only after the project has been verified by Coverity Scan admins (it usually takes a couple of working days).
  4. To configure a Jenkins job for automated build submission we need a Project Token. It can be found on the "Project Settings" tab.
  5. Set up a Jenkins job for the component.

Set up Jenkins to submit builds for Coverity Scan evaluation periodically

Add the following job project to the appropriate YAML config, e.g. for SO (https://git.onap.org/ci-management/tree/jjb/so/so.yaml):

```yaml
- project:
    name: 'so-coverity'
    jobs:
      - 'onap-gerrit-maven-coverity'
    cron: '@daily'
    build-node: 'ubuntu1604-builder-4c-4g'
    project: 'so'
    project-name: 'so'
    branch: 'master'
    mvn-settings: 'so-settings'
    mvn-params: '-Dmaven.test.skip=true'
    # Project name as registered on Coverity Scan
    coverity-project-name: 'onap-so'
    # Project Token from the "Project Settings" tab on Coverity Scan
    coverity-token: 'PUT YOUR COVERITY PROJECT TOKEN HERE'
    coverity-user-email: 'PUT YOUR COVERITY USER EMAIL HERE'
```
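
A pre-merge check for a Coverity job entry like the one above, as an added example that is not part of the ONAP ci-management tooling: it flags a `coverity-project-name` that breaks the `onap-[a-z0-9-]+` rule, placeholders left in place of the token or e-mail, and a missing test-skip flag. The line-based parser, the function names and the sample values are assumptions of this example.

```python
import re

# Parameter names are the ones in the job definition above; the rules are
# this example's assumptions drawn from the registration steps.
REQUIRED = ("name", "project", "branch", "coverity-project-name",
            "coverity-token", "coverity-user-email")
NAME_RE = re.compile(r"onap-[a-z0-9-]+")                 # project naming rule
KV_RE = re.compile(r"^\s*([A-Za-z-]+):\s*'([^']*)'\s*$")  # flat  key: 'value'  lines


def parse_job(text):
    """Collect the single-quoted key/value pairs of one JJB project entry."""
    return {m.group(1): m.group(2)
            for m in map(KV_RE.match, text.splitlines()) if m}


def lint_coverity_job(text):
    """Return a list of findings for one Coverity JJB project entry."""
    p = parse_job(text)
    findings = [f"missing parameter: {k}" for k in REQUIRED if k not in p]
    cov_name = p.get("coverity-project-name", "")
    if cov_name and not NAME_RE.fullmatch(cov_name):
        findings.append(f"coverity-project-name {cov_name!r} does not match onap-[a-z0-9-]+")
    for key in ("coverity-token", "coverity-user-email"):
        if key in p and (not p[key] or "PUT YOUR" in p[key]):
            findings.append(f"{key} still holds a placeholder")
    if "-Dmaven.test.skip=true" not in p.get("mvn-params", ""):
        findings.append("mvn-params does not skip tests, so test code is analysed too")
    return findings


# Constructed sample entries (token and e-mail values are made up).
GOOD = """
- project:
    name: 'so-coverity'
    project: 'so'
    branch: 'master'
    mvn-params: '-Dmaven.test.skip=true'
    coverity-project-name: 'onap-so'
    coverity-token: 'EXAMPLE-TOKEN-VALUE'
    coverity-user-email: 'dev@example.org'
"""
BAD = GOOD.replace("'onap-so'", "'onap/so'").replace(
    "EXAMPLE-TOKEN-VALUE", "PUT YOUR COVERITY PROJECT TOKEN HERE").replace(
    "    mvn-params: '-Dmaven.test.skip=true'\n", "")

if __name__ == "__main__":
    for label, entry in (("good", GOOD), ("bad", BAD)):
        print(label, lint_coverity_job(entry))
```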

Access defect details

  1. Open the Coverity Scan page for your project. You can either use Coverity Scan projects search or find a direct link on the appropriate Jenkins job page.
  2. If you have not been added to the project on Coverity Scan service yet:
    1. Click on "Add me to project" and fill in the form.
    2. Wait till the project administrators grant you appropriate permissions.
  3. Click on "View Defects".

...

```text
Coverity-scan: CID-12345, CID-67890
```

Reduce amount of defects

See also

Disable analysis of specific files

See how to define software components. You can find a list of all files analysed by Coverity Scan service for a project here.

Mark Coverity defect as

...

false positive

  1. Go to "Triage" section on the right panel of "View Defects" page.
  2. Set "Action" to "Ignore" and "Apply".

...

  1. Go to the "Project Setting" tab on the project page and click "Edit".
  2. Check "Exclude Findbugs™ Defects" and "Submit".

Disable tests analysis

Modify the "mvn-params" attribute of the appropriate Jenkins job to skip the build of the tests:

```yaml
- project:
    name: 'so-coverity'
    mvn-params: '-Dmaven.test.skip=true'
    # ... (remaining parameters unchanged)
```

List all files of a project analysed by Coverity Scan

See "cov-int/coverity-scan-analysed-files.txt.gz" file in archived Jenkins build artifacts.

Overview Coverity Scan build logs

See "cov-int/build-log.txt.gz" file in archived Jenkins build artifacts.

See also

  • ONAP JIRA: CIMAN-260

  • A couple of Coverity related topics are explained on the ONAP Security Best Practices page.

  • Supported programming languages: C/C++, Java, C#, JavaScript, TrueScript, PHP, Python, Ruby, VB, Scala, Swift (at the moment we have a Jenkins job template for components built by Maven only; however, other language sources in the repo can also be analysed using the "coverity-search-paths" project parameter in the JJB template).