Issue #15202 has been updated by mame (Yusuke Endoh).


I had run the Coverity Scan analysis on CI (twice a week), and I had checked the result only when I felt like it.  But recently I forgot it completely.  By this ticket, I have just noticed that the analysis has not worked since Feb. 2018 :-)

Personally, I no longer like to spend effort on Coverity Scan.  The analysis result includes too many false warnings.  I have no intention to blame Coverity Scan; many of the false alarms are really subtle and even hard for a human to understand that they are actually false.  Anyway, it really makes me tired.  Indeed, it sometimes tells us actual bugs, but I don't see that the advantage is worth the cost.

If anyone wants to use Coverity Scan again, I'd like to grant her/him access to restore the build analysis.  It would be preferable that s/he is a Ruby committer according to [Coverity Scan FAQ "Who may be granted access to a Registered Project?"](https://scan.coverity.com/faq#who-can-have-access).

----------------------------------------
Misc #15202: Adding Coverity Scan to CI to see the result casually
https://bugs.ruby-lang.org/issues/15202#change-74309

* Author: jaruga (Jun Aruga)
* Status: Open
* Priority: Normal
* Assignee: 
----------------------------------------
Recently I reported issues detected by a code analysis tool, mainly using Coverity Scan.

The 9 issues categorized as "important" were fixed by #15116. (Thank you!)

> https://bugs.ruby-lang.org/issues/15116
>
> However, as "not important" issues, around 1000 issues were detected by the tool for the ruby 2.5.1.
> I am considering how to deal with this or report those.
> I might open another ticket for that.

However, there are around 1000 "not important" issues.

Right now I do not share the report file (840KByte) for that, because it makes people tired.
If someone wants to see it, I am happy to share it here as an attachment.

Instead of that, it looks good to me that someone could see the result of Coverity Scan casually anytime to fix those in the long term.

What I want to propose is to add a Coverity Scan test on rubyci or Travis CI.

I do not know how Coverity Scan is used in the current Ruby project as a regular workflow.
But I could see it is actually used from the setting [2] and some tickets. [3]

I found how to use Coverity Scan on Travis CI [4], and the use cases [5][6].

What do you think?


* [1] rubyci: https://www.rubyci.org/
* [2] coverity scan ruby project: https://scan.coverity.com/projects/ruby
* [3] coverity scan used tickets:
  * https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/61862
  * https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/55763
  * https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/50734
* [4] How to use Coverity Scan on Travis CI: https://scan.coverity.com/travis_ci
* [5] The cases for coverity scan on Travis CI:
  * https://github.com/nanoporetech/scrappie/blob/master/.travis.yml
  * https://github.com/JanusGraph/janusgraph/blob/master/.travis.yml
