In my experience we can work just fine with scans that happen every so often. Static analysis does not change as fast as you may think. Right now a Coverity scan is only done when I send an email to the maintainers asking them to run a scan. I would love to see the scan happen automatically every week or two.
It has been about 2 months since the last scan. https://scan.coverity.com/projects/iotivity?tab=overview I should send an email to the maintainer asking them to run the scan again. I seem to be the only person that regularly checks the results. The last month or two I have not had much time to check the results, so I don't think anything new has been done.

I did add the link in the wiki to the Coverity project. https://wiki.iotivity.org/development_workflow That is the only entry: a single link with no instructions or guidelines for using Coverity. I would like to improve that.

George

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Mats Wichmann
Sent: Friday, July 21, 2017 7:44 AM
To: Stefan Schmidt <[email protected]>; [email protected]
Subject: Re: [dev] Static Analysis Tool

On 07/21/2017 08:28 AM, Stefan Schmidt wrote:
> Hello.
>
> On 07/21/2017 03:10 PM, Mats Wichmann wrote:
>>
>>>>> 2) Coverity
>>>>>
>>>> AFAIK Coverity used manually from time to time, and fix code
>>>> accordingly BTW wouldn't it be nice if we could track/update/link
>>>> reports on jira, or better in "real time" on gerrit.
>>> That is the goal, to incorporate static analysis to each gerrit
>>> commit, so each commit can be kept clean. :-)
>
> That will simply not be possible with the service for open source
> projects. You would need to buy a license and set up your server, etc.
>
> The frequency of builds is limited based on project size.
> https://scan.coverity.com/faq#frequency
>
>> I believe this is possible - there is a coverity jenkins plugin
>> available.
>
> It is quite some time since I integrated all this with EFL Jenkins and
> Coverity but IIRC the plugin was only for the commercial version if
> you run that in your network. It did not work with the Coverity Scan
> service for OSS project. That might have changed, it's some time since
> I looked at it. I integrated it with some simple shell commands; they
> actually give you all the details on the Coverity Scan project pages.
>
> regards
> Stefan Schmidt

Hi Stefan :)

yeah, I was just about to update with this info. certainly the free service doesn't support the frequency that would come from "with every commit", not even close. other static checkers are commercial services as well, in fact it's a fairly lucrative business.

_______________________________________________
iotivity-dev mailing list
[email protected]
https://lists.iotivity.org/mailman/listinfo/iotivity-dev
