zmk.Coverity - Man Page

Module for interacting with Coverity static analysis tool

Synopsis

include z.mk
# additional definitions required
$(eval $(call ZMK.Import,Coverity))

Description

The module Coverity allows preparing and uploading scan artifacts to a hosted coverity instance.

Targets

This module provides the following targets.

upload-coverity-scan

This phony target uses curl to upload the archived scan artifacts to the coverity scanning service.

clean

This phony target removes the cov-int directory as well as the cov-int.$(NAME)-$(VERSION).tar.gz archive.

cov-int

This target invokes the cov-build program to forcibly re-build the whole project and collect information for analysis.

cov-int.$(NAME)-$(VERSION).tar.gz

This target archives the cov-int directory.

Variables

This module provides the following variables.

Coverity.Sources

List of source files to consider as analysis dependency.

There is no default value. This variable must be set before importing the module.

Coverity.ProjectName

Name of the project registered on the Coverity instance

There is no default value. This variable must be set before importing the module.

Coverity.Email

E-mail address of the project maintainer, as registered on the Coverity instance.

There is no default value. This variable must be set before importing the module.

Coverity.Token

The token used to authorize uploads of scan artifacts.

There is no default value. This variable must be set before importing the module.

Coverity.ScanURL

The URL used for submitting scan artifacts.

The default value is https://scan.coverity.com/builds

Bugs

This module uses recursive make invocation and is therefore not safe to execute concurrently with other scanners that use this strategy.

Examples

The following example shows how Coverity can be used to scan a sample project. The code assumes that local installation of coverity scanner is in /opt/cov-analysis-linux64-2019.03. The project name, maintainer email are provided in-line but the authentication token is expected to be provided through the environment variable COVERITY_TOKEN.

include z.mk
COVERITY_TOKEN ?=
ifneq (,$(COVERITY_TOKEN))  # enable coverity if secret token is available
Coverity.Sources=foo.c
Coverity.ProjectName=foo
Coverity.Email=maintainer@example.com
Coverity.Token=$(COVERITY_TOKEN)
cov-int: PATH := $(PATH):/opt/cov-analysis-linux64-2019.03/bin
$(eval $(call ZMK.Import,Coverity))
endif

History

The Coverity module first appeared in zmk 0.1

Authors

Zygmunt Krynicki <me@zygoon.pl>

Info

Jan 8 2021