[WIP] Scan with Coverity #262
Conversation
Signed-off-by: Christian Göttsche <[email protected]>
|
@fishilico could you add a secret named |
|
In the meantime, I think another option would be to set up codeql. I kind of integrated it into my fork in evverx#1 and it seems to be working I'll try to polish it a bit and open a PR here The downside is that all the alerts are hidden in the security tab of repositories, which makes it hard to keep track of reports in one place for external contributors. On the other hand, once codeql ends up in forks they are visible there too. PRs also get analyzed |
|
Travis CI is not used anymore. |
|
It should be possible to send data to Coverity Scan using GitHub actions with actions like https://github.com/avahi/avahi/blob/master/.github/workflows/coverity.yml (where https://github.com/avahi/avahi/blob/master/.github/workflows/coverity.sh is used to download Coverity and things like that). It would still be necessary to set up secrets like bus1/dbus-broker#363 though. |
This is an attempt to revive Coverity Scan.
Please do not merge but instead push to the branch
coverity_scanand replace thesecuretoken with a value fromhttps://scan.coverity.com/projects/selinuxproject-selinux/builds/new?tab=travis_ci -> Example