Adding coverity scan to the project #1165

Open
wants to merge 1 commit into
base: develop
73 changes: 73 additions & 0 deletions .github/workflows/coverity.yml
@@ -0,0 +1,73 @@
name: Coverity Scan
on:
push:
branches: [ develop ]
pull_request:
branches: [ develop ]
types: [opened, synchronize, ready_for_review]
workflow_dispatch:

permissions:
contents: read
pull-requests: write
actions: write
id-token: write

env:
COVERITY_PROJECT_NAME: securefederatedai-openfl
COVERITY_STREAM_NAME: securefederatedai-openfl
COVERITY_URL: https://scan.coverity.com



jobs:
build:
runs-on: ubuntu-latest
environment: dev
steps:
- name: Pre-build Cleanup
if: ${{ always() }}
continue-on-error: true
run: |
rm -fr * || true
rm -fr .* || true

- name: Checkout Source
uses: actions/checkout@v3

- name: Coverity Full Scan
uses: synopsys-sig/[email protected]
with:
coverity_url: ${{ env.COVERITY_URL }}
coverity_user: ${{ secrets.COVERITY_USER }}
coverity_passphrase: ${{ secrets.COVERITY_TOKEN}}
coverity_project_name: ${{ env.COVERITY_PROJECT_NAME }}
coverity_stream_name: ${{ env.COVERITY_STREAM_NAME }}
#coverity_policy_view: 'Outstanding Issues'
coverity_waitForScan: true # Used to support the async mode
#coverity_local: true
# coverity_install_directory: "${{ vars.COVERITY_PATH }}/cov-analysis"
### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
include_diagnostics: true

- name: Coverity PR Scan
if: ${{ github.event_name == 'pull_request' }}
uses: synopsys-sig/[email protected]
with:
coverity_url: ${{ env.COVERITY_URL }}
coverity_user: ${{ secrets.COVERITY_USER }}
coverity_passphrase: ${{ secrets.COVERITY_TOKEN}}
coverity_project_name: ${{ env.COVERITY_PROJECT_NAME }}
coverity_stream_name: ${{ env.COVERITY_STREAM_NAME }}
#coverity_policy_view: 'Outstanding Issues'
#coverity_local: true
coverity_waitForScan: true
#coverity_install_directory: "${{ vars.COVERITY_PATH }}/cov-analysis"
### Below configuration is used to enable feedback from Coverity security testing as pull request comment
coverity_prComment_enabled: true
github_token: ${{ secrets.GITHUB_TOKEN }} # Mandatory when coverity_prComment_enabled is set to 'true'

# project_directory: ${{ vars.PROJECT_DIRECTORY }}

### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded
include_diagnostics: true
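
Review bot: The top-level `permissions` block grants `actions: write` and `id-token: write`, but no step visible in this workflow manages workflow runs or requests an OIDC token. Only `contents: read` (checkout) and `pull-requests: write` (needed for `coverity_prComment_enabled: true`) are exercised, so drop the other two and consider scoping `pull-requests: write` to the `build` job. In the same file, the "Coverity Full Scan" step has no `if:`, so on `pull_request` events it runs in addition to "Coverity PR Scan" against the same `COVERITY_PROJECT_NAME` and `COVERITY_STREAM_NAME`; guarding it with `if: ${{ github.event_name != 'pull_request' }}` would keep PR results out of the baseline stream and avoid a double scan. Both `uses:` lines are pinned to a tag rather than a full commit SHA, which is worth tightening for steps that receive `secrets.COVERITY_TOKEN` and `secrets.GITHUB_TOKEN`. Pull requests from forks do not receive repository secrets on the `pull_request` trigger, so document how the scan is expected to behave there, or skip the Coverity steps when the secrets are empty. The "Pre-build Cleanup" step (`rm -fr .* || true`) is redundant on `ubuntu-latest`, where each job starts on a fresh runner. Finally, the comments say "Uncomment below configuration if ... diagnostic files needs to be uploaded" while `include_diagnostics: true` is already active in both steps; either remove the setting or reword the comment so it is clear that diagnostics upload is intended.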