Presentation on ONAP Joint Subcommittee Meeting, Antwerp '2019: "ONAP static code analysis by Coverity Scan service - Introduction and setup - Artem Naluzhnyy.pdf" (presentation video)

Coverity Scan results

| Repository | Coverity Scan status & results | Jenkins job (see also All-Coverity view) |
|---|---|---|
| aaf/authz | <a href="https://scan.coverity.com/projects/onap-aaf-authz"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18975/badge.svg"/></a> | |
| aaf/cadi | <a href="https://scan.coverity.com/projects/onap-aaf-cadi"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18976/badge.svg"/></a> | |
| ccsdk/apps | <a href="https://scan.coverity.com/projects/onap-ccsdk-apps"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/19295/badge.svg"/></a> | |
| ccsdk/dashboard | <a href="https://scan.coverity.com/projects/onap-ccsdk-dashboard"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/19297/badge.svg"/></a> | |
| clamp | <a href="https://scan.coverity.com/projects/onap-clamp"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18706/badge.svg"/></a> | |
| multicloud/k8s | Note: Golang support will be ported from commercial Coverity tool to Coverity Scan service later. <a href="https://scan.coverity.com/projects/onap-multicloud-k8s"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18708/badge.svg"/></a> | |
| multicloud/openstack | <a href="https://scan.coverity.com/projects/onap-multicloud-openstack"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18977/badge.svg"/></a> | |
| policy/apex-pdp | <a href="https://scan.coverity.com/projects/onap-policy-apex-pdp"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18756/badge.svg"/></a> | |
| policy/engine | <a href="https://scan.coverity.com/projects/onap-policy-engine"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18755/badge.svg"/></a> | |
| portal | <a href="https://scan.coverity.com/projects/onap-portal"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18696/badge.svg"/></a> | portal-coverity |
| portal/sdk | <a href="https://scan.coverity.com/projects/onap-portal-sdk"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/19032/badge.svg"/></a> | |
| sdc | <a href="https://scan.coverity.com/projects/onap-sdc"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18677/badge.svg"/></a> | |
| sdc/dcae-d/dt-be-property | <a href="https://scan.coverity.com/projects/onap-sdc-dt-be-property"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18676/badge.svg"/></a> | |
| sdc/dcae-d/fe | <a href="https://scan.coverity.com/projects/onap-sdc-dcae-d-fe"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18612/badge.svg"/></a> | |
| so | <a href="https://scan.coverity.com/projects/onap-so"><img alt="Coverity Scan Build Status" src="https://scan.coverity.com/projects/18187/badge.svg"/></a> | so-coverity |

How To
Register a new ONAP project on Coverity Scan service
...
- Visit the new project registration page.
- Fill in the following info:
  - Project Name (e.g. "onap-so")
    - `onap-[a-z0-9-]+` (avoid using "/")
    - the project name will be used as a parameter for the appropriate Jenkins job to submit build results
  - Role - set it to "Maintainer/Owner"
  - Language (e.g. "Java")
  - Repository URL (e.g. "https://git.onap.org/so/")
  - License (e.g. "Apache")
  - Homepage URL (e.g. "https://www.onap.org/")
  - Reference URL
    - proof of your association with the project, e.g. a link to your commit
    - optional but highly recommended
  - Additional information (e.g. "SO is a component of Open Networking Automation Platform - an open source networking project hosted by the Linux Foundation.")
- The project is created immediately, and builds can be sent for analysis right away. However, access to the defect reports is unlocked only after the project has been verified by Coverity Scan admins (this usually takes a couple of working days).
- To configure a Jenkins job for automated build submission we need a Project Token. It can be found on the "Project Settings" tab:
  ![](/download/attachments/64007011/screenshot-token.png?version=1&modificationDate=1560348059000&api=v2&effects=drop-shadow)
- Set up a Jenkins job for the component.
Setup Jenkins to submit builds for Coverity Scan evaluation periodically
Add the following job project to the appropriate yaml config, e.g. for SO (https://git.onap.org/ci-management/tree/jjb/so/so.yaml):
...
```
Coverity-scan: CID-12345, CID-67890
```
Reduce amount of defects
...
Disable analysis of specific files
...
...
This functionality is temporarily(?) disabled on the Coverity Scan service side.
See how to define software components. You can find a list of all files analysed by Coverity Scan service for a project here.
Mark Coverity defect as false positive
...
```yaml
- project:
    name: 'so-coverity'
    mvn-params: '-Dmaven.test.skip=true'
    ...
```
List all files of a project analysed by Coverity Scan
See the "cov-int/coverity-scan-analysed-files.txt.gz" file in the archived Jenkins build artifacts.
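
One way to check what a scan actually covered, given the analysed-files artifact above. This is an added example, not ONAP's or Coverity's own code: it counts analysed files per extension (to confirm non-Java sources are picked up) and flags Maven test sources, which should be absent when the job builds with `-Dmaven.test.skip=true`. The function name `summarise_analysed_files`, the `/src/test/` marker and the one-path-per-line format are assumptions.

```python
import gzip
import io
from collections import Counter
from pathlib import PurePosixPath


def summarise_analysed_files(gz_bytes, test_markers=("/src/test/",)):
    """Return (files per extension, paths that look like Maven test sources).

    Assumption: the artifact is gzip-compressed text with one analysed source
    path per line; the page does not document the format.
    """
    by_ext = Counter()
    test_paths = []
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8",
                   errors="replace") as fh:
        for line in fh:
            path = line.strip().replace("\\", "/")
            if not path:
                continue
            by_ext[PurePosixPath(path).suffix.lower() or "(none)"] += 1
            if any(marker in path for marker in test_markers):
                test_paths.append(path)
    return by_ext, test_paths


# Constructed sample standing in for the real artifact (not ONAP data).
SAMPLE = gzip.compress(b"\n".join([
    b"/workspace/example/app/src/main/java/org/example/App.java",
    b"/workspace/example/app/src/main/java/org/example/Util.java",
    b"/workspace/example/ui/src/main/webapp/js/main.js",
    b"/workspace/example/app/src/test/java/org/example/AppTest.java",
    b"",
]))

if __name__ == "__main__":
    import sys
    # Pass the path of a downloaded artifact, or run without arguments
    # to use the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    by_ext, test_paths = summarise_analysed_files(data)
    for ext, count in by_ext.most_common():
        print(f"{count:6d}  {ext}")
    for path in test_paths:
        print("test source analysed:", path)
```
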
Overview Coverity Scan build logs
See the "cov-int/build-log.txt.gz" file in the archived Jenkins build artifacts.
See also
- ONAP JIRA: CIMAN-260
- A couple of Coverity related topics explained on ONAP Security Best Practices page.
- Supported programming languages: C/C++, Java, C#, JavaScript, TypeScript, PHP, Python, Ruby, VB, Scala, Swift (at the moment we have a Jenkins job template for components built by Maven only; however, sources in other languages in the repo can also be analysed using the "coverity-search-paths" project parameter in the JJB template).
...