I've been looking at the Qpid-Java Coverity project and can't see a way to modify its FindBugs configuration, e.g. uploading a FindBugs filter.xml file. The closest I can do is to upload a "Model File" to override how Coverity treats specific third-party method calls, but I don't think that would achieve the same thing.
Does anyone else have experience with this?

Phil

On 17 July 2013 13:53, Phil Harvey <[email protected]> wrote:

> I'm in the process of getting this set up.
>
> In a wider context, I would like to work towards a situation where
> developers can run a scan against local (ie not yet committed) code. The
> rationale is to get feedback about potential issues as early as possible.
>
> For Java code this should be possible by running FindBugs locally (either
> from Ant, Maven or using an IDE plugin), using the same rules that we've
> set up on Coverity. I think this means we'd check in the rule config
> somewhere in svn.
>
> I must confess I don't know what the C/C++ equivalent would be.
>
> Phil
> On 16 Jul 2013 15:24, "Steve Huston" <[email protected]> wrote:
>
>> This would be great, Phil! We currently are not scanning the Java code,
>> but it would be great if you can set up the Java scan. If you'd like some
>> help from Coverity please let me know - the mgr I worked with to get the
>> C++ scan going was eager to get Java projects in as well - but they
>> couldn't scan Java at that time.
>>
>> > -----Original Message-----
>> > From: [email protected]
>> > [mailto:[email protected]] On Behalf Of Phil Harvey
>> > Sent: Tuesday, July 16, 2013 8:09 AM
>> > To: [email protected]
>> > Subject: Re: New Defects reported by Coverity Scan for Apache-Qpid
>> >
>> > Hi Steve,
>> >
>> > I'd be happy to help make sense of the Java results.
>> >
>> > I'll set up a Coverity account now.
>> >
>> > Thanks
>> > Phil
>> >
>> >
>> > On 2 July 2013 15:43, Steve Huston <[email protected]> wrote:
>> >
>> > > Yes, I noticed that too - and Coverity was fairly eager to get a scan
>> > > of the Qpid Java code back when we started, but they weren't ready to
>> > > scan Java quite yet.
>> > >
>> > > If anyone would like to tackle the Java scans, and is not yet signed
>> > > up at coverity.com, please let me know and I'll help get you going.
>> > >
>> > > From: Rob Godfrey [mailto:[email protected]]
>> > > Sent: Tuesday, July 02, 2013 10:41 AM
>> > > To: qpid
>> > > Cc: Steve Huston
>> > > Subject: Re: New Defects reported by Coverity Scan for Apache-Qpid
>> > >
>> > > As an aside, I notice that they seem to have enabled scanning of Java
>> > > projects as well as C++ now... we should maybe look to see what a
>> > > coverity scan of the Java code looks like
>> > >
>> > > -- Rob
>> > >
>> > > <snip>
>> > >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>>
