scan.coverity is a static code analysis engine. They provide a tool that is free to use for open source software, and a website and defect management interface is available to track defects. The defect management web interface is a bit hard to use. Website for Tcl: https://scan.coverity.com/projects/tcl?tab=overview The Tcl code was updated after a three year hiatus on 2018-11-13. On the scan.coverity.com website, you can select the 'add me to the project' button in order to be an Observer (can view the defect summary), a Defect viewer (can view all of the defects), a Contributor/Member (can triage defects) or an Admin (can submit new builds). ***Process*** TBD ****Sample Scripts for Administrators**** This is a sample build script using the coverity static analysis tool. Note that the script removes the pkgs/ sub-directory, as the analysis is for Tcl, not sqlite, tclodbc* or the thread package. <<discussion>>Test Script for Coverity ======sh #!/bin/sh ver=8.6.9 sver=869 rc=rc4 set -x test -d tcl${ver} && rm -rf tcl${ver} unzip -q tcl${sver}${rc}.zip PATH=$PATH:$HOME/cov/cov-analysis-linux64-2017.07/bin cd tcl${ver} test -d pkgs && rm -rf pkgs cd unix make distclean ./configure --prefix=$HOME/cov/tcl-inst make distclean ./configure --prefix=$HOME/cov/tcl-inst cov-build --dir cov-int make ====== <<enddiscussion>> This is an example script to submit a build to Coverity. The submission script should be modified to set the version and description to what is wanted. <<discussion>>submission script ======sh #!/bin/bash ver=8.6.9 rc=rc4 desc="${ver}${rc} test" cd tcl${ver} cd unix test -f conv-int.tgz && rm -f cov-int.tgz tar cfz cov-int.tgz cov-int curl --form token=COVERITYTOKEN \ --form email=YOUREMAILADDRESS \ --form file=@cov-int.tgz \ --form version="${ver}${rc}" \ --form description="${desc}" \ https://scan.coverity.com/builds?project=tcl ====== <<enddiscussion>>