Further Coverity info

James Hunt james.hunt at ubuntu.com
Wed Apr 10 07:44:48 UTC 2013

On 09/04/13 22:28, Scott Ritchie wrote:
> On 4/9/13 7:34 AM, Allan LeSage wrote:
>> * As part of our Jenkins CI program, we're Coverity-scanning merge
>> proposals, and disapproving them upon finding a new defect:
>> https://code.launchpad.net/~mrazik/unico/coverity/+merge/156877 .
> As an upstream (wine) that uses Coverity, I'm curious how we can get this sort
> of feature in the free tier.  From what I can tell Coverity just periodically
> scans our git tree periodically and produces a list of reports.
> We have a testbot that scans incoming patches (submitted via mailing list) to
> measure new defects: in Wine's case this is defined as tests that fail on one of
> the bot VMs, but if I could invoke coverity directly it could in principle scan
> an arbitrary patchset.
> Do I need to setup some elaborate system of making a new git branch with the
> incoming patch set and then automatically asking coverity to scan that branch? Or can it be manually invoked with arbitrary patches?

Yes - you can run it manually once you have a login...

Wine is already shown in the list of Coverity projects [1], so all you need to
do is:

- Request a login by mailing scan-admin at coverity.com and access to the Wine
Coverity project.
- Download the Coverity scan tool and run it across any version of the wine
- Submit your "snapshot" (Coverity scan tool output) using [3] or [4].
- Login to http://scan5.coverity.com and view the results. Here's an example of
the web interface: http://ubuntuone.com/7Ufq2dHdgGVeqJ16ftqJk1

The first two steps are one-off activities of course. Note that the "snapshots"
can be any arbitrary version of wine - you differentiate them by adding a tag
and/or version on the upload page [3] or using the -b/-t coverity-scan options.
For example, here's how I might upload a scan of Upstart manually using [4]:

$ coverity-submit -t lp:upstart-20130410-foobar-baz.2 upstart

This will:

- clean the build tree
- run the build with Coverity
- upload the snapshot

You'll get a mail from Coverity once the scan is available (takes a few minutes
for me, although might take longer for Wine ;-).

If you have multiple versions/tags, when you login to http://scan5.coverity.com,
select the appropriate version from the Snapshots menu on the left.

Kind regards,


[1] - http://scan.coverity.com/all-projects.html
[2] - http://scan.coverity.com/start/
[3] - http://scan.coverity.com/upload.html
[4] - http://www.catb.org/~esr/coverity-submit/

James Hunt
#upstart on freenode

More information about the ubuntu-devel mailing list