New Defects reported by Coverity Scan for ntpsec
Matthew.Selsky at twosigma.com
Wed Feb 8 01:32:00 UTC 2023
On Mon, Feb 06, 2023 at 10:51:02PM -0800, Hal Murray via devel wrote:
> > Do you have a coverity account?
> > https://scan.coverity.com
> > Then go to "My Dashboard" and "Add project".
> Should we document that? Where?
The account creation seems self-explanatory. Or did you want to document something else?
> It looks like Coverity is running over on github.
Yes, Coverity is pointing at the GitHub mirror.
> Is our copy-to-github stuff documented?
It's a 1-line checkbox in our GitLab repo. There's no documentation, per se.
> I'm waiting for somebody to approve me.
I approved your account.
> >> Date: Thu, 02 Feb 2023 05:48:37 +0000 (Wed 21:48 PST)
> > It was detected on Feb 5.
> So the turn around is days rather than hours.
No. We run the Coverity CI job weekly via a schedule, not on every commit since I was concerned about abusing the Coverity scanner minutes and other reasons. I think we can re-evaluate that decision since our merge rate is low enough and run Coverity on each commit, but after merging since it relies on a GitLab runner that not everyone may have access to (for reasons that I don't want to go into here).
I'll work on running Coverity post-merge.
Do you need the ability to run Coverity offline on your development host before you push?
More information about the devel