A plugin for integrating with Coverity, a static analysis platform. Adds tasks to the project that will emit, analyze, and commit data using Coverity analysis tools that are installed on the user's machine.
Basically this will automatically determine the arguments for
cov-emit-java and run that after building instead of using cov-build
to wrap your build. Emits are broken up by source set (Java) or variant
(Android) in case your configuration might have multiple versions of a full
package.name.ClassName. Emits are followed up with cov-import-scm (if an
SCM is configured), cov-analyze-java, then finally cov-commit-defects.
Use at your own risk. I cannot guarantee support, so be ready to fork and make changes.
MIT License. That way neither of us have to worry about that kind of stuff too much.
- Gradle 2.0+
- Java projects
- Android projects with Gradle build tools 1.0.0+
- Note: bumps Gradle requirement to 2.2.1+
- Can analyze projects with child projects
- Root and child projects can be mixed Java and Android
- Tested with the following versions of Coverity Analysis Tools and Coverity Connect:
- 7.0.3
- 7.7.0
- Anything in between probably works
- No planned support for other versions
It's Gradle. You know the drill. Maybe you don't. So before we get to configuring the plugin, you need to get the plugin applied to your Gradle build script.
This plugin is published to the Gradle Plugin Portal, so you can use the Gradle 2.1+ plugin mechanism.
Here's one way you can do it by specifying it in your root Gradle file:
// Generally this is at the top
buildscript {
repositories {
maven {
url 'https://plugins.gradle.org/m2/'
}
}
dependencies {
classpath 'gradle.plugin.com.github.mjdetullio.gradle:coverity-plugin:VERSION'
}
}
apply plugin: 'com.github.mjdetullio.gradle.coverity'
Now you're ready to configure. Emit and analyze are pretty much plug-n-play
once you set your COVERITY_HOME environment variable. Commit can be
configured with environment variables. Reference the below defaults for those
variables, or set them in your Gradle file.
Here's all the optional settings for your root Gradle file:
// Most settings here are only valid on the root project
coverity {
// Default values shown here
// You only have to add them if you wish to override
// Directory Coverity uses during emit/scm/analyze/commit
intermediateDir = "${project.buildDir}/coverity/intermediate"
// Path to strip from the beginning of each file's absolute path during analyze
stripPath = project.projectDir
// SCM type to use during SCM import (this is the value for the --scm argument of cov-import-scm and cov-commit-defects)
scm = System.getenv('COVERITY_SCM')
// Path to your Coverity Analysis Tools root directory (leave "bin" off the end)
// If env var is not set and you don't set this, it assumes "${COVERITY_HOME}/bin" is on your PATH
coverityHome = System.getenv('COVERITY_HOME')
// Coverity Connect settings used during the commit phase
// Settings can also be picked from ${COVERITY_HOME}/config/coverity_config.xml if unspecified
stream = System.getenv('COVERITY_STREAM')
host = System.getenv('COVERITY_HOST')
// Dataport, port, and HTTPS port is supported -- dataport is favored, followed by port, then httpsport
port = System.getenv('COVERITY_PORT')
dataport = System.getenv('COVERITY_DATAPORT')
httpsport = System.getenv('COVERITY_HTTPSPORT')
user = System.getenv('COVERITY_USER')
pass = System.getenv('COVERITY_PASS')
// Specifies files that should be excluded from analysis by deleting them from the emit DB using cov-manage-emit
// Default:
excludes = [project.buildDir]
// Add more, in addition to the default "buildDir":
excludes += [file('path/to/file')]
// Whether child projects (recursive) should be part of the analysis
includeChildProjects = true
// Setting this to true will not skip child projects
skip = false
}
// You can add more args to the external executions for each of the added tasks
// Again, each block is optional
covEmitJava {
additionalArgs = ['--arg-name', 'value', 'argA', 'argB', 'etc']
}
covImportScm {
additionalArgs = ['--arg-name', 'value', 'argA', 'argB', 'etc']
}
covAnalyzeJava {
additionalArgs = ['--arg-name', 'value', 'argA', 'argB', 'etc']
}
covCommitDefects {
additionalArgs = ['--arg-name', 'value', 'argA', 'argB', 'etc']
}
Optional settings for child projects:
// Do not apply the plugin in child projects!
// Just add the block
coverity {
// Default values shown here
// You only have to add them if you wish to override
// Specifies files that should be excluded from analysis by deleting them from the emit DB using cov-manage-emit
// Default:
excludes = [project.buildDir]
// Add more, in addition to the default "buildDir":
excludes += [file('path/to/file')]
// Whether child projects (recursive) should be part of the analysis
includeChildProjects = true
// Setting this to true will not skip child projects
skip = false
}
Now you're ready to do an analysis. The task dependency tree for this plugin looks like this:
covEmitJava ( <- covImportScm ) <- covAnalyzeJava <- covCommitDefects
covImportScm will only be inserted into the dependency tree if you set
a value for the scm configuration option. The task is always created.
So... just run this to build your app and do all those tasks for you in order:
./gradlew assemble covCommitDefects
JDK 1.6 required, since that's what Gradle builds against.
IntelliJ recommended. Import project from the build.gradle file.
To create a JAR that can be included on your Gradle build script's classpath, run the following command from the project root directory:
./gradlew assemble
Set gradle.publish.key and gradle.publish.secret in
~/.gradle/gradle.properties and run:
./gradlew clean publishPlugins