Code Scan - Coverity

Integrate Coverity scan to Opsera pipeline as a security gate.

Tool Registry Setup

Coverity Tool Configuration

  1. Click Tool Registry under Operations in Home page .

  2. Click ‘+ New Tool’ button to add Coverity.

3. Locate the Coverity tool and click ‘Select Tool’ button.

4. Provide a Tool Name and select Coverity as Tool Identifier.

5. Provide a description and click Create .

6. In Tool Details of new Coverity tool, navigate to the Connections tab and provide URL, Username and Password, upload the license file by clicking the ‘Select Coverity License’ button.

 

7. Click the ‘Save’ button. Navigate to Usage tab or another tab, then back to Connection tab. Click ‘Test Connection’ button to validate the connectivity. If tool connection is successful, you will receive the following messages:

Jenkins Tool Account Configuration using Coverity

  1. Navigate to Tool Registry and choose the Jenkins tool associated with your pipeline.

2. In Accounts tab click '+ Register New Account Credentials' button.

3. Select Coverity from the Platform dropdown and the Coverity tool from the Tool drop down. Provide a Credential Name and Description for pipeline reference.

Jenkins Tool Job Configuration using Coverity

Coverity provides Linux Windows-based support as well as Ubuntu support.

  1. Navigate to the Jobs tab and select ‘+ New Jenkins Job’ button

  2. Select Coverity Scan from the Job Type dropdown. Provide a Name and Description for pipeline reference. Select ‘Ubuntu Agent’ or ‘Windows Agent’ from the Agent Label dropdown.

  3. Click the ‘Create’ button.

Coverity Pipeline

Coverity Pipeline Configuration

1. Navigate to Pipelines to add Coverity tool to pipeline for code scan.

2. Open any pipeline and Click workflow → Edit Workflow → Click + icon to add Coverity step

 

3. Provide a unique Step Name of your choice. Choose Coverity from the Tool dropdown.

4. Click the ‘Save’ button and Click the Setting wheel icon to add the Coverity Configurations from Tool Registry.

 

5. Choose the Jenkins tool associated with the Coverity Tool

 

6. Select the Coverity Tool, Coverity Credentials and Coverity Project Name from the respective dropdown.

7. Provide the Coverity Stream Name.

8. From the .Net CLI Type dropdown, select .Net (core) or .Net Framework.

9. From the .Net SDK Version dropdown, select the .Net Framework or .Net Core Version.

10. Make selections from the following dropdowns to choose what needs to be scanned: Select SCM Account , Repository and Branch.

11. Click ‘Save’ button and exit the Step Configuration form.

12. Click Start Pipeline to execute the Coverity Step.

Pipeline Logs

1. Navigate to Summary view to validate the Coverity Console output.

2. Click ‘Console Log’ to view the logs.

3. Click the X on top of the screen to go to the summary view to validate other stages in the pipeline.