5
votes

Coverity offers a free scanning service for free and open source projects (http://scan.coverity.com). I'm trying to configure a project for a scan according to Download Coverity Scan Self-Build. From their web page:

For each build:

  1. cd to your build directory

  2. optional: Run any build steps that you don't want to analyze – i.e. ./configure

  3. cov-build --dir cov-int [BUILD CMD and ARGS]

I have three questions:

  • Is make considered a build script for these purposes? Or is it part of [BUILD CMD and ARGS]

  • Does their build slave include libraries such as Boost? We have an [undesired] dependency on the library

  • What configuration does the scanning service want? Debug, Test, or Release?

1
This question appears to be off-topic because it is about using an online service, not about programming.Pascal Cuoq
The topic is about using a software tool. I don't believe its different than a question on how to use make or gcc. Plus, the 'Coverity' tag was already present in SO, so others seem to be using the tool and asking questions about it, too.jww
Sorry this went closed for so long. For some reason, many users seem to have missed the memo that questions about development tools are well and on-topic for SO.BoltClock
@jww: hi, I am wanna learn to do static code analysis using coverity. How to download the tool? is there any trial version of that? the download page is asking me to get associated with at least one project. I have sent some requests to the admin of the projects for access. If the admin accepts my request, will I be able to download the tool or is there any other way?Abhinav

1 Answers

5
votes
  • Is make considered a build script for these purposes? Or is it part of [BUILD CMD and ARGS]

Yes! simply use make as BUILD CMD. Alternatively ant, cmake, whatever your build system is based on.

  • Does their build slave include libraries such as Boost? We have an [undesired] dependency on the library

You may configure this rule

  • What configuration does the scanning service want? Debug, Test, or Release?

Doesn't matter, you can scan any configuration you want.