How To

Register an ONAP project on Coverity Scan service

TO BE DONE

Use Jenkins to submit builds for Coverity Scan evaluation periodically

Add the following job project to appropriate yaml config. E.g. for SO (https://git.onap.org/ci-management/tree/jjb/so/so.yaml):

- project:
    name: 'so-coverity'
    jobs:
      - onap-gerrit-maven-coverity
    cron: '@daily'
    build-node: 'ubuntu1604-builder-4c-4g'
    project: 'so'
    project-name: 'so'
    branch: 'master'
    mvn-settings: 'so-settings'
    mvn-params: '-Dmaven.test.skip=true'
    coverity-project-name: 'onap-so'
    coverity-token: 'PUT YOUR COVERITY PROJECT TOKEN HERE'
    coverity-user-email: 'PUT YOUR COVERITY USER EMAIL HERE'

Access defect details

TO BE DONE

Reference Coverity defect ID in commit message

Coverity: CID-12345, CID-67890

Reduce amount of defects

Mark Coverity defect as "not-a-bug"

1. Go to "Triage" section on the right panel of "View Defects" page.
2. Set "Action" to "Ignore" and "Apply".

Disable Findbugs defects

If you have "Maintainer/Owner" permissions for a project:

1. Go to "Project Setting" tab on project page and click "Edit".
2. Check "Exclude Findbugs™ Defects" and "Submit".

Disable tests analysis

Modify "mvn-params" attribute of appropriate Jenkins job to skip build of the tests:

- project:
    name: 'so-coverity'
    mvn-params: '-Dmaven.test.skip=true'
    ...

See also

• Supported programming languages
  • C/C++, Java, C#, JavaScript, PHP, Python, Ruby
  • At the moment we have a Jenkins job template for Java (Maven) only - TO BE DONE
• FAQ
  • Types of detected issues
  • Submission frequency limits
• Quick Start guide
• Community forum