Coverity Scan service is scheduled for upgrade in June 2019. It may go offline for a few days.
How To
Register an ONAP project on Coverity Scan service
TO BE DONE
Use Jenkins to submit builds for Coverity Scan evaluation periodically
Add the following job project to appropriate yaml config. E.g. for SO (https://git.onap.org/ci-management/tree/jjb/so/so.yaml):
- project:
name: 'so-coverity'
jobs:
- 'onap-gerrit-maven-coverity'
cron: '@daily'
build-node: 'ubuntu1604-builder-4c-4g'
project: 'so'
project-name: 'so'
branch: 'master'
mvn-settings: 'so-settings'
mvn-params: '-Dmaven.test.skip=true'
coverity-project-name: 'onap-so'
coverity-token: 'PUT YOUR COVERITY PROJECT TOKEN HERE'
coverity-user-email: 'PUT YOUR COVERITY USER EMAIL HERE'
Access defect details
- Open Coverity Scan page for your project. You can either use Coverity Scan projects search or find a direct link on appropriate Jenkins job page:
- If you have not been added to the project on Coverity Scan service yet:
- Click on "Add me to project":
- Wait till the project administrators grant you appropriate permissions.
- Click on "Add me to project":
- Click on "View Defects":
Reference Coverity defect ID in commit message
Coverity: CID-12345, CID-67890
Reduce amount of defects
Mark Coverity defect as "not-a-bug"
- Go to "Triage" section on the right panel of "View Defects" page.
- Set "Action" to "Ignore" and "Apply".
Disable Findbugs defects
If you have "Maintainer/Owner" permissions for a project:
- Go to "Project Setting" tab on project page and click "Edit".
- Check "Exclude Findbugs Defects" and "Submit".
Disable tests analysis
Modify "mvn-params" attribute of appropriate Jenkins job to skip build of the tests:
- project:
name: 'so-coverity'
mvn-params: '-Dmaven.test.skip=true'
...
See also
- Supported programming languages
- C/C++, Java, C#, JavaScript, PHP, Python, Ruby
- At the moment we have a Jenkins job template for Java (Maven) only - TO BE DONE
- FAQ
- Quick Start guide
- Community forum