This tutorial is for running the coverity scan through coverity wizard. If you have already run a scan, and are looking for information on viewing and exporting the results from Coverity Connect, go to the Coverity Connect page of the tutorials.
Click "Connect" once the reservation is made. Follow the second part of the instructions in the pop-up window for "Connect to reservation using xRDP for Linux".
You may use any remote desktop program you like.
Ignore any error messages after connecting, if there are any.
Open the “Coverity Wizard” from the shortcut on the desktop.
You may create a new wizard, or use File>Open, go to "File System > srv > cov-wizard-files" and open any of the cwz files.
Set the project name to the name of the module you scan or anything you prefer and click next.
If you choose to use an existing cwz file, Coverity Wizard may automatically go to the next step "Capture" after selecting the file. Click on "Introduction" to go back and double check the project name.
Under "Capture", in working directory add “/srv/openmrs_code/org/openmrs/module/(**any module**)” and intermediate directory should be configured as “/srv/cov-wizard-files/coverity-idirs/(**module name**)”.
Consider using the same module as you did with other static analysis tools. A list of suggestions appear at the bottom of the Fortify instructions.
Add “mvn clean” as Clean command and “mvn install -DskipTests=True” as Build command and click Capture Build. Click "Continue" in the pop-up window.
Capture Build may take a long time ( about 30 minutes or more), after successful capturing click next.
Go to Commit Defects and give the Coverity server address http://vclv99-98.hpc.ncsu.edu:8080/. Generate the authentication key using your team's username and password. Note where the authentication key is saved.
Go to Analysis and click on Options and select the checkers that you want. Make sure that you enable the checker to find security vulnerabilities at least.
Click Run Analysis. It may take a long time ( about 2 hours or more).
After successful analysis click next.
Ensure that the information from Step 9 remains on Commit Defects
In Commit to stream, choose the stream "Team**team number**_csc515_**module name**_**version number**". It might take some time for the list to load.
**module name** is the module you chose previously.
Team number and version number should automatically be supplied, so you do not need to worry about those. **team number** should be your teams' login team number, and the version number is the version number of that module that is installed on the image.
Click the commit Defects button. After successful committing click on next. It may take a long time (about 30 minutes or more) .
The last step "View Results" provides a link. Ignore the link. Go to http://vclv99-98.hpc.ncsu.edu:8080/reports.htm. Select the appropriate module to view the reports on Coverity Connect.
For more information on Using and Exporting Reports from Coverity Connect, go to the Coverity Connect page of the tutorials.
Coverity wizard can also be started through the terminal using the command
cov-wizard
Note: (Step 12) It may take awhile for the list of available streams to load, particularly when there is high traffic to/from the Coverity server (e.g. in the last 48 hours before the deadline)