scan.coverity

scan.coverity is a static code analysis engine.
The analysis tool is free to use for open source software,
and a website with a defect management interface is available to
track defects.

The defect management web interface is a bit hard to use.

Website for Tcl: https://scan.coverity.com/projects/tcl?tab=overview

The Tcl code was updated after a three year hiatus on 2018-11-13.

On the scan.coverity.com website, you can select the 'add me to the project'
button in order to be an Observer (can view the defect summary), a Defect viewer
(can view all of the defects), a Contributor/Member (can triage defects) or
an Admin (can submit new builds).

***Process***

TBD

****Sample Scripts for Administrators****

This is a sample build script using the Coverity static analysis tool.
Note that the script removes the pkgs/ sub-directory, as the analysis
is for Tcl, not for sqlite, tclodbc* or the thread package.

<<discussion>>Test Script for Coverity
======sh
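#!/bin/sh

ver=8.6.9
sver=869
rc=rc4

set -x
# Start from a clean source tree unpacked from the release zip.
test -d "tcl${ver}" && rm -rf "tcl${ver}"
unzip -q "tcl${sver}${rc}.zip" || exit 1
# Make cov-build available.
PATH=$PATH:$HOME/cov/cov-analysis-linux64-2017.07/bin
cd "tcl${ver}" || exit 1
# Analyze Tcl only: drop the bundled packages.
test -d pkgs && rm -rf pkgs
cd unix || exit 1
# A freshly unpacked tree needs a single configure run.
./configure --prefix="$HOME/cov/tcl-inst"
# Capture the build into the cov-int directory.
cov-build --dir cov-int make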
======
<<enddiscussion>>

This is an example script to submit a build to Coverity.

Modify the submission script to set the version and description
as needed.

<<discussion>>submission script
======sh
#!/bin/bash

ver=8.6.9
rc=rc4
desc="${ver}${rc} test"

cd "tcl${ver}" || exit 1
cd unix || exit 1
# Rebuild the upload archive from the cov-int directory written by cov-build.
test -f cov-int.tgz && rm -f cov-int.tgz
tar cfz cov-int.tgz cov-int

# COVERITYTOKEN and YOUREMAILADDRESS are placeholders to fill in.
curl --form token=COVERITYTOKEN \
  --form email=YOUREMAILADDRESS \
  --form file=@cov-int.tgz \
  --form version="${ver}${rc}" \
  --form description="${desc}" \
  'https://scan.coverity.com/builds?project=tcl'
======
<<enddiscussion>>
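
The submission script above carries the project token in the script text and on curl's command line, where it can be visible in the process list while the upload runs. The following is an added example, not one of the wiki's scripts: it reads the token from a file, checks the archive layout, and hands the token to curl on stdin. The helper names and the `$HOME/.coverity-token` path are assumptions.

```shell
#!/bin/sh
# Added example, not the wiki's script. Helper names and the token-file
# path are assumptions; the form fields and the URL are the page's.

# Succeed only for a regular, non-empty file with no group/other access.
token_file_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
    esac
    return 1
}

# Succeed only if every member of the gzip'd tar sits under cov-int/,
# which is what "tar cfz cov-int.tgz cov-int" produces.
archive_layout_ok() {
    tar tzf "$1" 2>/dev/null | awk '
        $0 != "cov-int" && $0 !~ /^cov-int\// { bad = 1 }
        END { exit (NR == 0 || bad) }'
}

# Print a curl config line carrying the token, for "curl --config -".
# Refuses empty tokens and characters that would break the quoted syntax.
token_config() {
    case $1 in
        ''|*\"*|*\\*|*[[:space:]]*) return 1 ;;
    esac
    printf 'form = "token=%s"\n' "$1"
}

# usage: submit_build ARCHIVE VERSION DESCRIPTION EMAIL [TOKENFILE]
submit_build() {
    tf=${5:-$HOME/.coverity-token}
    token_file_ok "$tf" || { echo "token file missing or too open" >&2; return 1; }
    archive_layout_ok "$1" || { echo "unexpected archive layout" >&2; return 1; }
    cfg=$(token_config "$(cat "$tf")") || return 1
    # printf is a shell builtin, so the token reaches curl on stdin only.
    printf '%s\n' "$cfg" | curl --fail --config - \
        --form "file=@$1" --form "email=$4" \
        --form "version=$2" --form "description=$3" \
        'https://scan.coverity.com/builds?project=tcl'
}
```

Create the token file with `chmod 600` before the first run; `submit_build` refuses a file that group or others can access.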