CellularPrivacy / Android-IMSI-Catcher-Detector

AIMSICD • Fight IMSI-Catcher, StingRay and silent SMS!
https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/
GNU General Public License v3.0

Coverity Scan: Increase or unlimit number of builds #534

Closed SecUpwN closed 9 years ago

SecUpwN commented 9 years ago

As you guys have already noticed, our @Travis-CI builds are currently in this status: BuildStatus

I have already had a long conversation with @Coverity to customize their script to circumvent Travis CI stopping our builds when the maximum number of CoverityScan checks has been reached. The customized script had been added with https://github.com/SecUpwN/Android-IMSI-Catcher-Detector/commit/665885fd3806d38f78f5d9d406ca922145e059e1 in .travis.yml. The real problem we face is that, with automated translation submissions via our new Weblate, the builds will easily reach 60 a week, I guess.

Solution: Either we get 60+ builds a week (ideal would be unlimited), or we need to think about using another service offering the same features as Travis CI. I am not willing to force developers to think that their code is wrong, while in fact we have just reached such a fucking stupid limit again! /rant

E3V3A commented 9 years ago

Buildozer works great! But perhaps it would be better to reserve the use of CoverityScan for the releases and not the debug builds? (It's not like anyone I know actually uses it or even bothers looking at it. Maybe in the next lifetime.)

SecUpwN commented 9 years ago

> It's not like anyone I know actually uses it or even bothers looking at it. Maybe in the next lifetime.

Great. That is exactly why I implemented it: So that people can stare at it, find a leak or major incompatibility and.. do nothing. We have more than 6 people doing so. :( Where to find devs caring?

solarce commented 9 years ago

Hello @SecUpwN,

We do offer unlimited builds for open source projects on travis-ci.org.

Our integration with Coverity's Scan service does have limits which are set up on the hosted Coverity Scan service, as outlined in https://scan.coverity.com/faq#frequency

I see from some previous Travis-CI support tickets that Coverity provided you with some suggestions on how to limit which branches trigger the Scan service to be run.

Was that not enough to help you make progress? Or are you looking for unlimited runs of the Coverity Scan service as well?

SecUpwN commented 9 years ago

Good evening @solarce, thank you for helping us even though this is beginning to tick me off.

> Or are you looking for unlimited runs of the Coverity Scan service as well?

I am essentially looking for unlimited builds there as well, this would eliminate the need for any customized scripts (as we currently use) which might get outdated pretty quickly. Please see if you can add us to your "premium open source list" (or whatever you call it internally). Thank you very much!

solarce commented 9 years ago

Unfortunately, what you are requesting is not possible for Travis to provide for you, because Coverity limits the usage of their hosted Scan service.

Per https://scan.coverity.com/faq#frequency

> What is the frequency for build submissions to Coverity Scan?
>
> Due to high levels of activity, the number of weekly builds per project are as follows:
>
> - Up to 12 builds per week, with a maximum of 3 builds per day, for projects with fewer than 100K lines of code
> - Up to 8 builds per week, with a maximum of 2 builds per day, for projects with 100K to 500K lines of code
> - Up to 4 builds per week, with a maximum of 1 build per day, for projects with 500K to 1 million lines of code
> - Up to 2 builds per week, with a maximum of 1 build per day, for projects with more than 1 million lines of code
>
> Once a project reaches the maximum builds per week, additional build requests will be rejected. You will be able to re-submit the build request the following week. Please contact scan-admin@coverity.com if you have any special requirements.

They may be willing to work with you on these limits, but it's not something we have any involvement in.

SecUpwN commented 9 years ago

> Unfortunately, what you are requesting is not possible for Travis to provide for you, because Coverity limits the usage of their hosted Scan service.

Ok, I see that you're very supportive here and hope that @Coverity will be as well. Otherwise I will feel forced to ditch their great service - not just because they have these strange limits, but also because currently we don't even have one developer who is actually working on fixing the defects. Sad fact.

> They may be willing to work with you on these limits, but it's not something we have any involvement in.

@solarce, please unlimit our builds on the side of Travis CI. This will certainly improve the whole thing.

solarce commented 9 years ago

@SecUpwN travis-ci.org provides you with an unlimited number of builds for your open source repositories, with up to 5 concurrent jobs running. This is available to any open source project hosted on GitHub. So you're already getting the maximum available that we have to offer for open source.

SecUpwN commented 9 years ago

> So you're already getting the maximum available that we have to offer for open source.

Thanks for clarifying this, @solarce, this makes me love the Travis CI service even more. It appears that the only bottleneck we currently have when using your service is the limit of Coverity Scan. I will now rename this Issue and see how @Coverity will help us to solve this, otherwise we will have to ditch it.

E3V3A commented 9 years ago

@solarce @SecUpwN

> I see from some previous Travis-CI support tickets that Coverity provided you with some suggestions on how to limit which branches trigger the Scan service to be run.

That is a good solution, limit CS to release (master) builds only. How to do that?

SecUpwN commented 9 years ago

> That is a good solution, limit CS to release (master) builds only. How to do that?

@E3V3A, we've had that previously, it simply involves changing this to master. But what sense does it make to have our releases get analyzed while in fact our development code is ages ahead of time?
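
The branch restriction discussed above, as an added example that is not part of the original thread and not the project's actual .travis.yml: the Travis CI `coverity_scan` addon submits to Coverity Scan only when the branch being built matches `branch_pattern`, so builds on other branches do not count against the weekly quota. The notification address, the encrypted token value and the Gradle commands are assumed placeholders.

```yaml
# Added illustration; not the project's real .travis.yml.
language: android

env:
  global:
    # COVERITY_SCAN_TOKEN, stored encrypted (e.g. via `travis encrypt`).
    # Never commit the token in clear text.
    - secure: "<encrypted COVERITY_SCAN_TOKEN placeholder>"

addons:
  coverity_scan:
    project:
      name: "SecUpwN/Android-IMSI-Catcher-Detector"
      description: "Build submitted via Travis CI"
    notification_email: maintainer@example.org    # placeholder address
    build_command_prepend: "./gradlew clean"      # assumed build step
    build_command: "./gradlew assembleDebug"      # assumed build step
    # Only builds of a matching branch are sent to Coverity Scan.
    # "master" restricts analysis to release builds; setting this to the
    # development branch instead analyses fresh code but spends the
    # weekly quota on every push (including automated translation commits).
    branch_pattern: master

script:
  - ./gradlew build                               # assumed regular CI step
```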

E3V3A commented 9 years ago

@SecUpwN Please think about that statement again...

Changed to use master branch in abd9ab47f45c458fc78e6e0b34df49a3fb542dfe since we can't expect profit making companies to comply with our unlimited requests.

SecUpwN commented 9 years ago

> Please think about that statement again...

Which statement? I don't like that you've changed the .travis.yml and closed this Issue. Show me one developer who actually cares about the defects from master branch, which gets fresh code about every 7 days? The whole sense of using Coverity Scan is to fix stuff ahead of time! A little mad right now.

E3V3A commented 9 years ago

How can you fix stuff ahead of time, if you don't know what it is?

Who cares about the development, it's for exactly that, testing and development! Once in master we see what needs to change and then fix it in development. That's what it's for. Nothing to be mad about here. Why waste time on this issue when the CS people have already clearly stated that they can't offer us any more builds?

SecUpwN commented 9 years ago

Just to let you know: I've received the very supportive answer of @aceofspades:

> I believe we have isolated the issue. I've filed a PR for travis-build.

This won't unlimit our builds, but at least tackles the Travis-CI complaints.