Note: scheduled for upgrade in June 2019. It may go offline for a few days.

Tip: Presentation on ONAP Joint Subcommittee Meeting, Antwerp '2019: ONAP static code analysis by Coverity Scan service - Introduction and setup - Artem Naluzhnyy.pdf (presentation video)

Coverity Scan results

Repository | Coverity Scan status & results | Jenkins job (see also All-Coverity view) |
---|---|---|
aaf/authz | <a href="https://scan.coverity.com/projects/onap-aaf-authz"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18975/badge.svg"/></a> | |
aaf/cadi | <a href="https://scan.coverity.com/projects/onap-aaf-cadi"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18976/badge.svg"/></a> | |
ccsdk/apps | <a href="https://scan.coverity.com/projects/onap-ccsdk-apps"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/19295/badge.svg"/></a> | |
ccsdk/dashboard | <a href="https://scan.coverity.com/projects/onap-ccsdk-dashboard"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/19297/badge.svg"/></a> | |
clamp | <a href="https://scan.coverity.com/projects/onap-clamp"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18706/badge.svg"/></a> | |
multicloud/k8s | Note: Golang support will be ported from commercial Coverity tool to Coverity Scan service later. <a href="https://scan.coverity.com/projects/onap-multicloud-k8s"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18708/badge.svg"/></a> | |
multicloud/openstack | <a href="https://scan.coverity.com/projects/onap-multicloud-openstack"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18977/badge.svg"/></a> | |
policy/apex-pdp | <a href="https://scan.coverity.com/projects/onap-policy-apex-pdp"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18756/badge.svg"/></a> | |
policy/engine | <a href="https://scan.coverity.com/projects/onap-policy-engine"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18755/badge.svg"/></a> | |
portal | <a href="https://scan.coverity.com/projects/onap-portal"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18696/badge.svg"/></a> | portal-coverity |
portal/sdk | <a href="https://scan.coverity.com/projects/onap-portal-sdk"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/19032/badge.svg"/></a> | |
sdc | <a href="https://scan.coverity.com/projects/onap-sdc"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18677/badge.svg"/></a> | |
sdc/dcae-d/dt-be-property | <a href="https://scan.coverity.com/projects/onap-sdc-dt-be-property"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18676/badge.svg"/></a> | |
sdc/dcae-d/fe | <a href="https://scan.coverity.com/projects/onap-sdc-dcae-d-fe"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18612/badge.svg"/></a> | |
so | <a href="https://scan.coverity.com/projects/onap-so"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18187/badge.svg"/></a> | so-coverity |

How To
Register a new ONAP project on Coverity Scan service
- Visit new project registration page.
- Fill the following info and "Submit":
  - Project Name (e.g. "onap-so")
    - onap-[a-z0-9-]+ (avoid using "/")
    - the project name will be used as a parameter for the appropriate Jenkins job to submit build results
  - Role - set it to "Maintainer/Owner"
  - Language (e.g. "Java")
  - Repository URL (e.g. "https://git.onap.org/so/")
  - License (e.g. "Apache")
  - Homepage URL (e.g. "https://www.onap.org/")
  - Reference URL
    - proof of your association with the project, e.g. link to your commit
    - optional but highly recommended
  - Additional information (e.g. "SO is a component of Open Networking Automation Platform - an open source networking project hosted by the Linux Foundation.")
- The project is created immediately, and we can send builds for analysis right away. However, access to the defect report is unlocked only after Coverity Scan admins verify the project (this usually takes a couple of working days).
- To configure a Jenkins job for automated build submission we need a Project Token. It can be found on "Project Settings" tab:
![](/download/attachments/64007011/screenshot-token.png?version=1&modificationDate=1560348059000&api=v2&effects=drop-shadow)
...
- Set up a Jenkins job for the component.

Set up Jenkins to submit builds for Coverity Scan evaluation periodically
Add the following job project to the appropriate yaml config. E.g. for SO (https://git.onap.org/ci-management/tree/jjb/so/so.yaml):
...
```
Coverity-scan: CID-12345, CID-67890
```
Reduce amount of defects
Disable analysis of specific files
See how to define software components. You can find a list of all files analysed by Coverity Scan service for a project here.
Mark Coverity defect as
...
false positive
- Go to "Triage" section on the right panel of "View Defects" page.
- Set "Action" to "Ignore" and "Apply".
...
- Go to "Project Setting" tab on project page and click "Edit".
- Check "Exclude Findbugs Defects" and "Submit".
![](/download/attachments/64007011/screenshot-findbugs-disable-1.png?version=1&modificationDate=1560337583000&api=v2&effects=drop-shadow)
![](/download/attachments/64007011/screenshot-findbugs-disable-2.png?version=1&modificationDate=1560337582000&api=v2&effects=drop-shadow)
Disable tests analysis
Modify the "mvn-params" attribute of the appropriate Jenkins job to skip building the tests:

```yaml
- project:
    name: 'so-coverity'
    # skip compiling and running tests so they are not captured for analysis
    mvn-params: '-Dmaven.test.skip=true'
    # ... (remaining job parameters unchanged)
```

List all files of a project analysed by Coverity Scan
See the "cov-int/coverity-scan-analysed-files.txt.gz" file in archived Jenkins build artifacts.
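
A quick check on that file list, as an added example rather than ONAP's own tooling: it counts analysed files per extension and lists any that sit under a Maven src/test/ tree, which should be empty once tests are skipped. It assumes the archive is gzip-compressed text with one path per line; the function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ONAP project code). Assumption: the archive is
# gzip-compressed text with one analysed file path per line.

# Print "<count> <extension>" for every file type in the analysed-files list.
analysed_by_extension() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    gzip -dc "$1" | awk '
        NF == 0 { next }                        # skip blank lines
        {
            name = $0
            sub(/^.*\//, "", name)              # keep the file name only
            ext = "(none)"
            if (match(name, /\.[^.]+$/)) ext = substr(name, RSTART + 1)
            count[ext]++
        }
        END { for (e in count) printf "%d %s\n", count[e], e }' | sort -k1,1nr -k2,2
}

# Print analysed paths that sit in a Maven test tree (src/test/); after
# building with -Dmaven.test.skip=true this list is expected to be empty.
analysed_test_sources() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    gzip -dc "$1" | grep '/src/test/' || true
}

# Constructed sample list (hypothetical paths), written as a gzip file.
write_sample_list() {
    printf '%s\n' \
        '/w/workspace/so-coverity/adapters/src/main/java/org/onap/so/Adapter.java' \
        '/w/workspace/so-coverity/adapters/src/main/java/org/onap/so/Client.java' \
        '/w/workspace/so-coverity/adapters/src/test/java/org/onap/so/AdapterTest.java' \
        '/w/workspace/so-coverity/ui/src/main/webapp/app.js' \
        '/w/workspace/so-coverity/Makefile' | gzip -c > "$1"
}

# Demo on the constructed sample; point the functions at a real archive instead.
sample=$(mktemp)
write_sample_list "$sample"
analysed_by_extension "$sample"
analysed_test_sources "$sample"
rm -f "$sample"
```

A large count for an extension the team does not own (generated or vendored sources, for instance) is a candidate for the component exclusions described under "Disable analysis of specific files".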
Overview Coverity Scan build logs
See the "cov-int/build-log.txt.gz" file in archived Jenkins build artifacts.
See also
- ONAP JIRA: CIMAN-260
- A couple of Coverity related topics explained on ONAP Security Best Practices page.
- Supported programming languages: C/C++, Java, C#, JavaScript, TypeScript, PHP, Python, Ruby, VB, Scala, Swift (at the moment we have a Jenkins job template only for Java components built by Maven; however, sources in other languages in the repo can also be analysed using the "coverity-search-paths" project parameter in the JJB template).