Scripts to facilitate import of third-party analysis results into Coverity Connect, via the third-party integration toolkit. The toolkit requires at least version 6.5 with an appropriate license; please contact your Coverity sales team if you would like to import third-party analysis results into your Coverity platform.
These scripts will generally translate the output from the third-party analysis tool into a JSON format that Coverity's cov-import-defects command understands. Your workflow will typically look like this:
- Optionally run cov-build on your codebase to improve analysis results
- Run third-party analysis tool, generating appropriate output
- Run one of these scripts to translate the third-party output for Coverity
- Run cov-import-results to import the defects
- Run cov-commit-defects to commit all the issues to Coverity Connect
Note that these scripts often do not attempt to improve the information generated by the third-party tool. For example, they do not attempt to determine the function within which specific lines are found. If the third- party tool does not name the function, that information will not be added. If you find that distinct issues are being merged into a single CID when committed to the server, you may need to provide an appropriate function name in the import file. That will enable the server to understand that the issues are not the same (assuming they are in different functions).
These scripts share a common command line format. You'll want to run the scripts with a command line like this:
python <script> [ - | file ... ]
Where '-' indicates that the input should be read from stdin
Note that the filenames listed in the analysis output need to be absolute paths. Normally, specifying an absolute path to the analysis command will ensure that the output uses the absolute path.
Script providing support for importing AdaControl results (see http://sourceforge.net/projects/adacontrol/)
Script providing support for importing Brakeman results (see http://brakemanscanner.org).
You'll need to use the --separate-models option when you run brakeman, to ensure that filenames are real as opposed to inferred.
Script providing support for importing CAT.NET results (see http://visualstudiogallery.msdn.microsoft.com/8ef8d7ba-422a-428d-86ed-74fc864a7697).
Script providing support for importing Checkstyle results (see http://checkstyle.sourceforge.net).
Script providing generic support for the Coverity import. You won't typically run this script directly; it will be imported by the main script.
Script providing support for importing Cppcheck results (see http://cppcheck.sourceforge.net).
You'll need to use the --xml-version=2 option when you run cppcheck. Note that the XML output goes to stderr, so you'll typically redirect stderr to a file or pipe so that it can be processed by cppcheck_import.py.
Script providing support for importing JSHint results (see http://www.jshint.com/). The script does not currently support the following options: --verbose, --show-non-errors.
Script providing support for importing PyLint results (see http://www.pylint.org/). The script expects to be run with the options -r n --msg-template="{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}"
Script providing support for importing Valgrind results (see http://valgrind.org).
You'll need to use the --xml=yes option when you run valgrind. This script has only been used with the memcheck tool; others may or may not work.
Script providing support for importing Vera++ Community Edition results (see http://www.inspirel.com/vera/).
You'll need to use the -showrules option when you run vera++.