On Fri, May 25, 2012 at 3:09 PM, Pedro Giffuni <p...@apache.org> wrote: > Hello guys; > > Sorry to contact you about something somewhat off-topic but perhaps > someone here can give me details (in private is OK) on how the Coverity > scans are generated? > > On another Apache project we want to use coverity but infra@ is not > aware about anything on their side that is required to enable it.
The Coverity scans are all done on their infrastructure, with reports limited to people whom they have authorized to view them. To be honest, it's been a long while since we as a project have done anything meaningful with the Coverity reports. Their system works by substituting their scanning compiler for the "normal" one and then running the project build system. Some time ago, something about our build system changed which broke their automation to the point where the vast majority of the project wasn't being covered. To compound problems, the link to login to fetch results went bad a few months after that, and efforts to contact them to determine a fix have been futile. While I personally am appreciative of the static analysis tools Coverity provides, the lack of responsiveness has negated that benefit. In short, you need to contact Coverity directly, but it may take a lot of effort. If you are looking for static analysis tools, you may be interested in the Clang static analyzer. I have found it to be pretty useful in finding many of the same issues Coverity claims to find. You can find more information about it here: http://clang-analyzer.llvm.org/ Best, -Hyrum -- uberSVN: Apache Subversion Made Easy http://www.uberSVN.com/
