vdk-coverity: Adding Coverity Scan #2753
e6306c1 to 8fb15a5
… of SDL procedure.
for more information, see https://pre-commit.ci
a0c7278 to 82ec20f
Please add a Testing Done section (with a link to the successful pipeline that ran the coverity job). Please also describe better what coverity scanning is providing for the project. Why would it be useful to have it, in a bit more detail? And lastly, please document the new CICD variables in https://github.com/vmware/versatile-data-kit/wiki/Gitlab-CICD
Why? What? How has this been tested? What type of change are you making?
That's a great description. Please do put it in the PR description. The PR description is used as the commit message when merging.
How do I actually see the report?
$COVERITY_SCAN_PROJECT_NAME variable has been replaced with versatile-data-kit.
Why?
The coverity scan is a SAST scan which is required for every product or service to conform to VMware SDL procedures.
What?
This job consists of a script which downloads the coverity-analysis, untars the analysis file and then executes the build for various projects to create an intermediate folder within the vdk repo. It then combines the intermediate folder and uploads it to https://scan.coverity.com/.
How has this been tested?
Coverity Scan Test:
The job was triggered to run from a rule based on a commit on a private branch, and the link for the successful pipeline run is here: https://gitlab.com/vmware-analytics/versatile-data-kit/-/pipelines/1024643834.
The only change was that the commit branch has been changed to point to main instead of a specific branch before merging.
What type of change are you making?
The change is in the gitlab-ci.yaml file where a new job has been added as part of the existing pipeline configuration. This will create a new stage/job when it is triggered.
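
A sketch of the kind of job the "What?" section describes (download the analysis tool, capture the sources into an intermediate directory, upload to Coverity Scan), added here as an example; it is not the job from this PR. The stage name, image, source path and the variable names `COVERITY_SCAN_TOKEN` and `COVERITY_SCAN_EMAIL` are assumptions, and a single capture stands in for the per-project builds.

```yaml
# Added example, not the project's configuration.
# Assumed CI/CD variables, defined as masked and protected in GitLab:
#   COVERITY_SCAN_TOKEN  - project token from scan.coverity.com
#   COVERITY_SCAN_EMAIL  - address registered with the Coverity Scan project
coverity_scan:
  stage: scan                      # assumed stage name
  image: ubuntu:22.04              # assumed image
  rules:
    # Run only on main so the protected token is never exposed to other branches.
    - if: '$CI_COMMIT_BRANCH == "main"'
  variables:
    COVERITY_PROJECT: "versatile-data-kit"
    SRC_DIR: "."                   # assumed source root to capture
  script:
    - apt-get update && apt-get install -y --no-install-recommends curl ca-certificates
    # Fail early if the secrets are missing instead of sending empty values.
    - |
      if [ -z "$COVERITY_SCAN_TOKEN" ] || [ -z "$COVERITY_SCAN_EMAIL" ]; then
        echo "Coverity Scan credentials are not set" >&2
        exit 1
      fi
    # Download the analysis tool; the token goes in the POST body, not the URL.
    - |
      curl -fsSL -o cov-analysis.tgz \
        --data-urlencode "project=$COVERITY_PROJECT" \
        --data-urlencode "token=$COVERITY_SCAN_TOKEN" \
        https://scan.coverity.com/download/linux64
    - mkdir cov-tool && tar -xzf cov-analysis.tgz --strip-components=1 -C cov-tool
    # Interpreted sources have no compile step: capture them from the filesystem
    # into the intermediate directory cov-int.
    - cov-tool/bin/cov-build --dir cov-int --no-command --fs-capture-search "$SRC_DIR"
    - tar -czf cov-int.tgz cov-int
    # Upload the intermediate directory for analysis.
    - |
      curl -fsS \
        --form "token=$COVERITY_SCAN_TOKEN" \
        --form "email=$COVERITY_SCAN_EMAIL" \
        --form "file=@cov-int.tgz" \
        --form "version=$CI_COMMIT_SHORT_SHA" \
        --form "description=GitLab pipeline $CI_PIPELINE_ID" \
        "https://scan.coverity.com/builds?project=$COVERITY_PROJECT"
```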