simsong / bulk_extractor

This is the development tree. Production downloads are at:
https://github.com/simsong/bulk_extractor/releases

GH Workflows: Create CI job for Coverity scan #457

Closed moshekaplan closed 4 months ago

moshekaplan commented 5 months ago

Coverity Scan is a static source code analyzer to find bugs, security vulnerabilities, and other potential issues. This PR adds a GitHub Workflow CI job to create a new Coverity Scan build daily, to ease detection and remediation of software bugs.

Before this is merged in, the following steps are required:

  1. Register the bulk_extractor project on Coverity's website here: https://scan.coverity.com/projects/ (it would be best if an official maintainer did this)
  2. Create two new secrets:
     a) COVERITY_SCAN_EMAIL with the email address that should be notified with the scan results. It is not possible to disable the scan result emails.
     b) COVERITY_SCAN_TOKEN with the Project token from the Coverity project page (e.g., https://scan.coverity.com/projects/bulk_extractor?tab=project_settings )

Optionally, you may also wish to:

  1. Configure Coverity to ignore directories that you don't want it to scan. (e.g., the /src/be20_api/.* directory)

After this PR is merged, GitHub will submit builds to Coverity with the schedule specified in the yaml file. However, if desired, you can trigger a manual run by going to Actions -> Coverity Scan, and clicking on the Run workflow button.
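For readers who want to see what a workflow of the shape described above looks like, here is an added example of a GitHub Actions job that builds under Coverity's `cov-build` and submits the result to Coverity Scan. It is not the file from this PR and is not bulk_extractor's own code: the job name, cron time, package list, the `./bootstrap.sh && ./configure && make` build steps, the URL-encoded project name and the submodule checkout are all assumptions. Only the two secret names, the daily schedule and the manual trigger come from the PR description.

```yaml
# Added example of a Coverity Scan workflow (not the PR's own file).
# Assumed: job name, cron time, build commands, project name, submodules.
name: Coverity Scan

on:
  schedule:
    - cron: '0 3 * * *'   # assumed: once a day at 03:00 UTC
  workflow_dispatch:       # gives the "Run workflow" button under Actions

permissions:
  contents: read           # least privilege: the job only needs to read the tree

jobs:
  coverity:
    runs-on: ubuntu-latest
    # Scheduled runs happen only on the default branch of the repository that
    # owns the workflow; this guard also keeps forks from attempting an upload
    # with secrets they do not have.
    if: github.repository == 'simsong/bulk_extractor'
    env:
      COVERITY_PROJECT: simsong%2Fbulk_extractor   # assumed registered name, URL-encoded

    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive   # assumed: be20_api is vendored as a submodule

      - name: Install build dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential autoconf automake libtool   # assumed minimal set

      - name: Download the Coverity build tool
        # The token is passed through the environment, so it is masked in logs
        # and never appears in the workflow file or the command line.
        env:
          COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
        run: |
          curl -sS --fail -o cov-analysis.tgz \
            --data "token=${COVERITY_SCAN_TOKEN}&project=${COVERITY_PROJECT}" \
            https://scan.coverity.com/download/linux64
          mkdir cov-analysis
          tar -xzf cov-analysis.tgz --strip-components=1 -C cov-analysis

      - name: Build under cov-build
        run: |
          ./bootstrap.sh && ./configure          # assumed: the project's autotools build
          cov-analysis/bin/cov-build --dir cov-int make -j"$(nproc)"

      - name: Submit the build to Coverity Scan
        env:
          COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
          COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
        run: |
          tar -czf bulk_extractor.tgz cov-int
          curl -sS --fail \
            --form "token=${COVERITY_SCAN_TOKEN}" \
            --form "email=${COVERITY_SCAN_EMAIL}" \
            --form "file=@bulk_extractor.tgz" \
            --form "version=${GITHUB_SHA}" \
            --form "description=GitHub Actions scheduled scan" \
            "https://scan.coverity.com/builds?project=${COVERITY_PROJECT}"
```

Two points worth checking in any such workflow: the `permissions` block keeps the default `GITHUB_TOKEN` read-only, since the job never needs to write to the repository, and both Coverity values are read only from `secrets`, so a pull request from a fork cannot exfiltrate them (GitHub does not expose repository secrets to fork-triggered runs). Directory exclusions such as the `/src/be20_api/.*` mentioned above are configured on the Coverity project page, not in this file.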

moshekaplan commented 5 months ago

The Coverity report from running it on my fork is available here: https://scan.coverity.com/projects/moshekaplan-bulk_extractor

simsong commented 5 months ago

This is super exciting. Coverity appears to be free for open source project. I'll set it up and accept your PR once I do.

simsong commented 5 months ago

@moshekaplan - would you like me to register your email? ;-)

simsong commented 5 months ago

> Coverity Scan is a static source code analyzer to find bugs, security vulnerabilities, and other potential issues. This PR adds a GitHub Workflow CI job to create a new Coverity Scan build daily, to ease detection and remediation of software bugs.
>
> Before this is merged in, the following steps are required:
>
>   1. Register the bulk_extractor project on Coverity's website here: https://scan.coverity.com/projects/ (it would be best if an official maintainer did this)
>   2. Create two new secrets:
>      a) COVERITY_SCAN_EMAIL with the email address that should be notified with the scan results. It is not possible to disable the scan result emails.
>      b) COVERITY_SCAN_TOKEN with the Project token from the Coverity project page (e.g., https://scan.coverity.com/projects/bulk_extractor?tab=project_settings )
>
> Optionally, you may also wish to:
>
>   1. Configure Coverity to ignore directories that you don't want it to scan. (e.g., the /src/be20_api/.* directory)
>
> After this PR is merged, GitHub will submit builds to Coverity with the schedule specified in the yaml file. However, if desired, you can trigger a manual run by going to Actions -> Coverity Scan, and clicking on the Run workflow button.

We want be20 scanned...

codecov[bot] commented 5 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (27f0336) 48.18% compared to head (990be23) 48.18%.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main     #457   +/-   ##
=======================================
  Coverage   48.18%   48.18%
=======================================
  Files         112      112
  Lines       13249    13249
=======================================
  Hits         6383     6383
  Misses       6866     6866
```

moshekaplan commented 5 months ago

> We want be20 scanned...

It will by default. I only used it as an example of something that you might have wanted to have ignored or treated as a separate module.