Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Triquetrum/Coverity Scan

< Triquetrum
Revision as of 10:24, 6 April 2016 by Cxbrooks.gmail.com (Talk | contribs) (Added link to https://scan.coverity.com/travis_ci)

Summary

Coverity Scan is a static analysis tool.

Currently we are running Coverity Scan by hand on Triquetrum on a non-Eclipse Foundation machine.

Hudson FindBugs vs Coverity Scan FindBugs

Oddly, Hudson (https://hudson.eclipse.org/triquetrum/job/triquetrum/findbugs) reports 70 FindBugs issues where as Coverity is only reporting 16 FindBugs issues. The difference is that Coverity Scan is reporting issues for the code that is compiled with "mvn verify".

How to update

The Triquetrum project on the Coverity Scan site has a code that is used for the update.

Below is the script that is used for the update with the code removed. 

#!/bin/sh                                                                                                                                   
# Upload stats to coverity.                                                                                                                 

TRIQ_TOKEN_FILE=$HOME/.coverityTriqToken
if [ ! -f $TRIQ_TOKEN_FILE ]; then
    echo "$0: Exiting. The Coverity Triquetrum Token file is not present."
    exit 2
fi

cd $HOME/src/triquetrum/triquetrum

rm -rf reports/cov-int
mkdir -p reports/cov-int

mvn clean

# Use --fs-capture-search so that we get JavaScript and Java.  See https://scan.coverity.com/download?tab=other                             
$HOME/src/cov-analysis-linux64/bin/cov-build --dir reports/cov-int --fs-capture-search ./ mvn verify

(cd reports; tar czvf myproject.tgz cov-int)

VERSION="Triquetrum0.0.1`date +%Y%M%d`"

curl --form token=`cat $TRIQ_TOKEN_FILE` \
  --form email=cxh@eecs.berkeley.edu \
  --form file=@reports/myproject.tgz \
  --form version="$VERSION" \
  --form description="nightly" \
  https://scan.coverity.com/builds?project=Triquetrum

Hudson, Jenkins, Coverity Scan Notes

Note that the Hudson and Jenkins Coverity Plug-ins do not work with Coverity Scan. Those plugins are for use with the Coverity Integrity Manager Instances, which are not available as part of Coverity Scan for OSS.

To invoke Coverity Scan on the Eclipse Hudson Instances, we would need to

  1. Have the Coverity tools installed, see https://scan.coverity.com/download?tab=java, which probably requires a free account.
  2. Know where those tools are
  3. Be able to invoke a shell script such as the above script

See Also

Retrieved from "https://wiki.eclipse.org/index.php?title=Triquetrum/Coverity_Scan&oldid=403677"

Back to the top