...

How To

Register a new ONAP project on Coverity Scan service

...

1. Open Coverity Scan page for your project. You can either use Coverity Scan projects search or find a direct link on appropriate Jenkins job page:
   
2. If you have not been added to the project on Coverity Scan service yet:
   1. Click on "Add me to project" and fill the form:
      
      
   2. Wait till the project administrators grant you appropriate permissions.
3. Click on "View Defects":
   

Reference Coverity defect ID in commit message

...

1. Go to "Triage" section on the right panel of "View Defects" page.
2. Set "Action" to "Ignore" and "Apply".

Disable Findbugs defects

If you have "Maintainer/Owner" permissions for a project:

1. Go to "Project Setting" tab on project page and click "Edit".
2. Check "Exclude Findbugs™ Defects" .

Disable tests analysis

Modify "mvn-params" attribute of appropriate Jenkins job to skip build of the tests:

- project:
    name: 'so-coverity'
    mvn-params: '-Dmaven.test.skip=true'
    ...

Anchor
analysed-files-list analysed-files-list

List all files of a project analysed by Coverity Scan

See "cov-int/coverity-scan-analysed-files.txt.gz" file in archived Jenkins build artifacts.

Overview Coverity Scan build logs

See "cov-int/build-log.txt.gz" file in archived Jenkins build artifacts.

See also

• Jira Legacy
  server System Jira columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 4733707d-2057-3a0f-ae5e-4fd8aff50176 key CIMAN-260

  
  
  
• A couple of Coverity related topics explained on ONAP Security Best Practices page.
  
  
• Supported programming languages: C/C++, Java, C#, JavaScript, TrueScript, PHP, Python, Ruby, VB, Scala, Swift (at the moment we have a Jenkins job template for components built by maven only, however, other language sources in the repo can be also analysed using "coverity-search-paths" project parameter in JJB template).

...