Signup for Coverity Scan

[anonimal]

As discussed in IRC with @moneromooo-monero, if repo owner signs up for Coverity via GitHub, I (or anyone with permissions) can get a scan uploaded in no time. The process of scanning can be automated with Travis-CI but it doesn't quite work at the moment for Kovri - though it may work for bitmonero without issue. Manually uploading works well and Kovri's scan passes (status-badge also available in README.md).

What I can do now is start the process in my fork and also tinker with Travis-CI/Coverity integration. If either components works, then I'll PR. I only ask for feedback to see if Coverity is something of interest and, if so, I'll spend the time needed to pursue this.

[anonimal]

I've taken the liberty to start this within my fork. Results can be viewed here. I've given @moneromooo-monero ownership permissions so they should be able to invite other developers to view defects. If not, then ping me with an email and I will send an invite Edit: or you can request an invite on the site.

[anonimal]

Referencing monero-project/meta#19. I'd like to get the scan out of my fork and into monero-project once automation gets going.

[dEBRUYNE-1]

+proposal

[hyc]

I've seen that we have patches resulting from Coverity scans now. Is this issue now resolved?

[anonimal]

Nope. I'm still pushing the builds from my repo. I've given moo coverity privileges and he's invited others to review the results so I think that's what's happening here though I'm not sure.

In hindsight, this issue may no longer be and issues because:

• I don't have a problem keeping up with the coverity build
• this is still unresolved https://github.com/monero-project/meta/issues/19
• luigi and fluffy are usually too busy to keep up with things like this so it's better to have someone actively involved such as myself
• keeps up with the decentralization

I do like less work though but not if doing so will result in coverity cobwebs.

[moneromooo-monero]

I think that's what's happening here though I'm not sure

I've been using anonimal's coverity builds. I don't remember adding anyone though, I did not know I could.

[anonimal]

I don't remember adding anyone though, I did not know I could.

Oh my, this is odd then. There are 8 members of which I did not invite but they somehow have defect view privileges. The only other person with elevated privileges is @danrmiller, did he invite them? If not, how are they acquiring invite-only privs?...

[anonimal]

@stoffu how did you acquire privs to anonimal/monero on coverity? I see that you joined on Feb 12th, 2018.

[stoffu]

Actually I had no idea about Coverity until recently when @moneromooo-monero made a few patches regarding Coverity. I just got curious and clicked this link https://scan.coverity.com/projects/9657/ on README.md, and then clicked a button that said 'subscribe' or 'join' (I don't remember well), and then I chose a member status option as something like 'reading member'.

Sorry for carelessly clicking buttons :P

[anonimal]

and then I chose a member status option as something like 'reading member'.

Oh, then apparently coverity changed their guidelines / setup without sending any notification. Back in the day, to even view meant invite only.