Coverity for Duplicati?

Hi,

I just wanted to ask if you think that Coverity might be an interesting option for Duplicati. Coverity is a static code analysis tool that helps to detect non-obvious errors. It is free for open source projects and can easily be used with projects hosted on GitHub. I have not checked all the requirements that are stated on their site, like license and things like that.

More information is available here: Coverity Scan - Github Integration

Looks interesting, though I wonder what it actually checks for - buffer overflows and the like?

Did you notice it was originally set up by the US Department of Homeland Security?
https://scan.coverity.com/about

I noticed (but haven’t looked at) unit testing in the codebase as well, but I’m not sure if that’s something individual developers should be working with or if it’s geared more towards the final trunk approval process.

I did set it up at some point:
https://scan.coverity.com/projects/duplicati-duplicati?tab=overview

I can’t remember if this was the one that did work, or if I never got it working.

Yes, you are right, it shows Duplicati scan status as ‘Pending’.
I don’t know how Coverity works, so unfortunately I can’t help you with setting up the project, maybe someone else can. Assuming that you want to invest time in that, of course :)

I would like to get it working, but I am not sure why it fails to pick up the coverity_scan branch and just keeps saying that no builds are submitted.

I would like to help you, but I also have no experience with Coverity yet. Did you follow the advice of the FAQ here: Coverity Scan - Travis CI Integration ?
Because I could not find any signs of Coverity in your .travis.yml, I assume some steps after no. 9 are still missing. But I am just guessing around :)

Ok, I tried the steps to update the .travis.yml and am running a Travis build now, let’s see what happens.

That did not work out, did it? Do you get any kind of error reporting?
The default way, and the alternative to the Travis integration, seems to be that you download the Coverity build scan tool, do some kind of offline project build analysis and upload the results back to Coverity. If something fails there is a log file that should give you a hint.
I will try to do this with a test project when I find the time just to see how it works, maybe I can come back with some more information for you.

Not that I am aware of. It seems that it simply does not pick up that it should run with the “coverity_scan” branch.
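For reference, this is the shape of the `coverity_scan` addon block that the Coverity Scan Travis CI FAQ linked above describes, added here as an illustration; it is not Duplicati’s actual .travis.yml and not taken from any post in this thread. The project name, notification e-mail, build command and the token placeholder are assumptions.

```yaml
# Added example of a Coverity Scan addon block for Travis CI.
# Not Duplicati's real .travis.yml; all values below are assumed.
env:
  global:
    # The encrypted COVERITY_SCAN_TOKEN produced by
    # `travis encrypt COVERITY_SCAN_TOKEN=<token>` (placeholder, not a real value).
    - secure: "<encrypted COVERITY_SCAN_TOKEN>"

addons:
  coverity_scan:
    project:
      name: "duplicati/duplicati"            # assumed Coverity Scan project name
      description: "Build submitted via Travis CI"
    notification_email: "maintainer@example.org"   # assumed
    build_command_prepend: ""
    build_command: "xbuild /p:Configuration=Release Duplicati.sln"   # assumed build command
    # The addon only runs cov-build and uploads a build when the branch
    # Travis is currently building matches this pattern.
    branch_pattern: coverity_scan
```

Two things to check when the dashboard stays at “no builds submitted”: the branch that Travis actually builds has to match `branch_pattern` exactly, and the `secure` value has to be the encrypted `COVERITY_SCAN_TOKEN` for this repository, otherwise the upload step is skipped or rejected without any change on the Coverity side.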

Ok, much appreciated.