
Can Coverity be used for scanning a Python code base? If yes, then what inputs are to be given in the cov-build command? It would be good to have the whole sequence of cov commands for scanning Python code.

user3820278

1 Answer

Assuming you have a dummy project that looks like:

src/
  file.py
  file2.py
  tests/
    test1.py
    test2.py
3rdparty/
  skip.py
setup.py

And you want to analyse everything except the 3rdparty folder, you can execute the following commands:

cov-configure --python

cov-build --dir foo \
          --no-command \
          --fs-capture-search ./ \
          --fs-capture-search-exclude-regex ./3rdparty

cov-analyze --dir foo \
            --all \
            --aggressiveness-level high

cov-format-errors --dir foo \
                  --html-output results

cov-commit-defects --dir foo \
                   --host coverity.mycompany.com \
                   --stream MYSTREAM \
                   --auth-key-file mycoverity.key

Explanation:

cov-configure

Inform Coverity that you will be scanning Python code

cov-build

Inform Coverity to build your code. Since Python is not compiled, it does not need to be built (--no-command), but Coverity still needs to know where to get the sources from (--fs-capture-search). You can add more than one --fs-capture-search or --fs-capture-search-exclude-regex argument to suit your needs.

cov-analyze

Perform the actual code analysis. There's a ton of switches you can pass, but I think that for Python those would be enough.

cov-format-errors

Generate a useful HTML report inside a new results folder. Other output formats are supported, not just HTML.

cov-commit-defects

Commit the scan results into your Coverity Connect central server at the specified stream. For the commit to work you have to identify yourself using a Coverity key file (you download this key from the Coverity server Web UI), and this file needs to be read-only for the user (i.e. chmod 400 mycoverity.key).

NOTE: All the above works fine against my company's internal Coverity server (i.e. the paid product). For the free-for-open-source version of Coverity, things might be different (I have not tested it). For the latter case I'd look at some of the open source projects: https://github.com/search?q=--fs-capture-search&type=Code

donhector
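The sequence in the answer above, wrapped in a small POSIX shell script as an added example (this is not the answerer's script and not part of any Coverity product). It does two things the answer describes but leaves to the reader: it turns a list of excluded directories into repeated --fs-capture-search-exclude-regex arguments, and it checks that the key file is mode 400 before starting an analysis that would otherwise fail at the commit step. The intermediate directory name, host, stream and key file path are placeholders passed in by the caller; the cov-* tool names and flags are exactly those used in the answer.

```sh
#!/bin/sh
# Added example wrapping the cov-* sequence from the answer above.
# Placeholders (not from the page): the intermediate dir, host, stream and
# key file are whatever the caller passes in.

# Build the cov-build argument list. Every extra argument becomes its own
# --fs-capture-search-exclude-regex, since the answer notes the flag may be
# repeated. Paths are assumed to contain no whitespace.
build_cov_build_args() {
    dir="$1"; src="$2"; shift 2
    args="--dir $dir --no-command --fs-capture-search $src"
    for ex in "$@"; do
        args="$args --fs-capture-search-exclude-regex $ex"
    done
    printf '%s\n' "$args"
}

# The answer says the key file must be read-only for the user (chmod 400).
# Check that up front rather than discovering it after a long cov-analyze run.
# stat -c is GNU, stat -f is BSD/macOS; try both.
key_file_mode_ok() {
    keyfile="$1"
    [ -f "$keyfile" ] || return 1
    mode=$(stat -c '%a' "$keyfile" 2>/dev/null || stat -f '%Lp' "$keyfile")
    [ "$mode" = "400" ]
}

# Run the whole sequence: configure, capture, analyse, report, commit.
# Returns 2 if any cov-* tool is missing from PATH, 3 if the key file
# is not mode 400, otherwise the exit status of the last cov-* command.
run_scan() {
    dir="$1"; keyfile="$2"; host="$3"; stream="$4"; shift 4
    for tool in cov-configure cov-build cov-analyze cov-format-errors cov-commit-defects; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing $tool in PATH" >&2; return 2; }
    done
    key_file_mode_ok "$keyfile" || { echo "$keyfile must exist and be mode 400" >&2; return 3; }

    cov-configure --python
    # Word-splitting of the generated argument string is intended here.
    cov-build $(build_cov_build_args "$dir" ./ "$@")
    cov-analyze --dir "$dir" --all --aggressiveness-level high
    cov-format-errors --dir "$dir" --html-output results
    cov-commit-defects --dir "$dir" --host "$host" --stream "$stream" --auth-key-file "$keyfile"
}

# Usage (placeholders as in the answer):
#   run_scan foo mycoverity.key coverity.mycompany.com MYSTREAM ./3rdparty
```

Running it against the dummy layout in the answer with the usage line shown would exclude 3rdparty/ and analyse src/ and setup.py; add further directories after ./3rdparty to exclude them as well.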