Opened 8 years ago

Last modified 2 years ago

#23 accepted TODO (General task list)

Integrate code security analysis tools into Buildbot

Reported by: Samuli Seppänen Owned by: Samuli Seppänen
Priority: minor Milestone:
Component: Generic / unclassified Version: OpenVPN 2.1.0 / 2.1.1 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc: samuli@…

Description

In the IRC meeting on 22nd Apr 2010 it was agreed that all patches should be checked with (security) auditing tools such as Valgrind and Coverity. These tools need to be integrated into our Continuous integration server app, Buildbot.


Change History (7)

comment:1 Changed 8 years ago by Samuli Seppänen

Status: newaccepted

comment:2 Changed 8 years ago by Samuli Seppänen

Cc: samuli@… added

comment:3 Changed 8 years ago by Samuli Seppänen

It's not possible to integrate Coverity into Buildbot. Coverity tracks a static codebase, which in our case is also outdated.

comment:4 Changed 5 years ago by Samuli Seppänen

Coverity has made some changes to their service since this ticket was last modified. It's possible that nowadays it can track a Git tree.

comment:5 Changed 5 years ago by Gert Döring

Hiya. I know you have gotten coverity to check our git tree, but I think their check results are slightly stale (as lots of our code base has changed).

Is there a way to make their system forget everything it knows, and re-start with the latest git master? Then we could try to go systematically through it and fix stuff.

(Also, when I looked last time, their system didn't grok ASSERT() and gave lots of false positives. If they haven't fixed that yet, we could report it back...)

comment:6 Changed 3 years ago by Samuli Seppänen

I will have a look at this again. I read that Coverity has made some changes to the source code upload process lately - that might help us here.

comment:7 Changed 2 years ago by Samuli Seppänen

We now have Coverity track a special branch. This was necessary as the number of allowable builds per day is limited. Do we consider this enough to close the ticket?

Note: See TracTickets for help on using tickets.