Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Triquetrum/Coverity Scan
Contents
Summary
Coverity Scan is a static analysis tool.
Currently we are running Coverity Scan by hand on Triquetrum on a non-Eclipse Foundation machine.
- Coverity Scan output for Triquetrum (probably need to request access or email Christopher)
Hudson FindBugs vs Coverity Scan FindBugs
Oddly, Hudson (https://hudson.eclipse.org/triquetrum/job/triquetrum/findbugs) reports 70 FindBugs issues where as Coverity is only reporting 16 FindBugs issues. The difference is that Coverity Scan is reporting issues for the code that is compiled with "mvn verify".
How to update
The Triquetrum project settings on the Coverity Scan site has a code that is used for the update. The code is put into $HOME/.coverityTriqToken.
Below is the script that is used for the update with the code removed.
#!/bin/sh # Upload stats to coverity. TRIQ_TOKEN_FILE=$HOME/.coverityTriqToken if [ ! -f $TRIQ_TOKEN_FILE ]; then echo "$0: Exiting. The Coverity Triquetrum Token file is not present." exit 2 fi cd $HOME/src/triquetrum/triquetrum rm -rf reports/cov-int mkdir -p reports/cov-int mvn clean # Use --fs-capture-search so that we get JavaScript and Java. See https://scan.coverity.com/download?tab=other $HOME/src/cov-analysis-linux64/bin/cov-build --dir reports/cov-int --fs-capture-search ./ mvn verify (cd reports; tar czvf myproject.tgz cov-int) VERSION="Triquetrum0.0.1`date +%Y%M%d`" curl --form token=`cat $TRIQ_TOKEN_FILE` \ --form email=cxh@eecs.berkeley.edu \ --form file=@reports/myproject.tgz \ --form version="$VERSION" \ --form description="nightly" \ https://scan.coverity.com/builds?project=Triquetrum
Hudson, Jenkins, Coverity Scan Notes
Note that the Hudson and Jenkins Coverity Plug-ins do not work with Coverity Scan. Those plugins are for use with the Coverity Integrity Manager Instances, which are not available as part of Coverity Scan for OSS.
To invoke Coverity Scan on the Eclipse Hudson Instances, we would need to
- Have the Coverity tools installed, see https://scan.coverity.com/download?tab=java, which probably requires a free account.
- Know where those tools are
- Be able to invoke a shell script such as the above script
See Also
- Bug 488602 - Add Coverity Scan Plugin to Triquetrum Hudson HIPP
- https://scan.coverity.com/faq#eclipse - out of date instructions for Eclipse projects.
- https://scan.coverity.com/travis_ci - Not sure how up to date it is.