Coverity Scan Stopped Running

The Coverity Static Analysis Scan at https://scan.coverity.com/projects/llvm
has stopped running. The last analysis was Oct 21, 2022. Could someone with admin right check on this?

@sylvestre has, I think, historically taken ownership for running the scans.

yeah, i will have a look
i didn’t think that someone was looking at the result

I found the issue, i will retrigger a build, should be ok tomorrow (Tuesday)

@sylvestre Thanks for looking into it. I work on other projects where a summary of the results are sent to the dev list once a week listing any new issues. Here is an example:

https://lists.freedesktop.org/archives/libreoffice/2023-January/089786.html

We could set something like that up with LLVM’s Discourse. This would give it a lot more visibility. A link should also be added to the llvm.org dev resources list. If it’s not posted anywhere and if we’re not using Coverity’s Weekly Report to notify devs, of course the usage will be low.

@tstellar would you object to a weekly thread on new issues sent to llvmproject@discourse.llvm.org like above?

@lbenes Seems fine to me.

Fixed

It is now also showing new defects in:

  • flang - 362 defects
  • bolt - 65 defects
  • libc++ - 33 defects
  • libc++abi - 6 defects

@sylvestre Thanks so much for fixing this. I see it’s working now.

Tom gave the OK, to send weekend snapshot reports to Discourse. Could you please follow the instructions here:Synopsys Software Integrity Customer Community

To email llvmproject@discourse.llvm.org like LibreOffice does? This will make Coverity scans much more useful to the community.

Thanks again for getting it running!

create a new view that shows defects added in the last snapshot only

I don’t know how to do that.
How Libreoffice does it?

@sylvestre
To set up email notifications:

  1. Login to Coverity
  2. Click on hamburger icon on top left to display the list of available views.
  3. Hover over the view which you have created.
  4. You would see a drop down arrow next to the view name. Click on it → select notification.
  5. Fill in the Schedule, Recipients and Projects tab. On Schedule tab, check on “Send email when a new snapshot is created”. This will send an email when a new snapshot is added. Since the view shows new defects from last snapshot, the content will show only the new defects.

If you have any issues, I could ask their admin for their Coverity settings.

Thanks @sylvestre - there are a few of us that still keep a watch on the Coverity reports!

Having the new issues being emailed to the llvm-bugs list would be useful, users can easily request to be subscribed to the Coverity report themselves, but that would mean it at least reaches a larger audience.