UPDATE: See the solution in Caleb's answer
I am trying really hard to make Coverity work for my build, but so far with little success.
First the details:
I started by downloading a package from: https://scan.coverity.com/download/java/win64
Then I added the bin directory to my path, went to my project root and ran the following commands.
$ set PATH=%PATH%;C:\Users\dimit\sandbox\cov-analysis\bin
$ gradlew clean
$ cov-build --dir cov-int gradlew jar
The first 2 went as expected, the last - not so much:
Coverity Build Capture (32-bit) version 8.7.0 on Windows 10 Professional, 64-bit (build 14393)
Internal version numbers: b452b3f2c8 p-lodi-push-28091.612
The system cannot execute the specified program.
[WARNING] Build command gradlew.bat jar exited with code 1. Please verify that the build completed successfully.
[WARNING] No files were emitted. This may be due to a problem with your configuration
or because no files were actually compiled by your build command.
Please make sure you have configured the compilers actually used in the compilation.
For more details, please look at:
C:/Users/dimit/sandbox/nuggets/cov-int/build-log.txt
I have put the build log here: https://gist.github.com/ddimtirov/9daa0e9f1f0954453f01fcec42ae2198
The "Troubleshoot build failure" on the instructions page was pointing to a forum index page, which does not help at all: https://software-community-synopsys.force.com/s/#4838
Moving on, I thought that if I could only generate the data in some other way I could upload it to the scan service and bypass the problem. I found https://github.com/mjdetullio/gradle-coverity-plugin
The Gradle Coverity plugin emitted the data, but when I zipped it and uploaded to the scan service, it barfed the error email.
As last resort, I tried the TravisCI integration - after a few attempts, I got it to complete without an error, but it didn't seem to upload anything...
https://travis-ci.org/ddimtirov/nuggets/builds/196307253 https://scan.coverity.com/projects/ddimtirov-nuggets?tab=overview
I am close to giving up (BTW, not having docs available online doesn't help)
Coverity only supports Kotlin projects that are targeted to JVM or Android, not other platforms. For multi-platform projects, Coverity only captures Kotlin source files that are targeted to the supported platforms.
Coverity is a static analysis tool. The starting point with Coverity is what we call central analysis. Periodically, an automated process will check out your code from your source control system and then build and analyze it with Coverity. Those results are then sent to a Coverity server.
Coverity® is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development life cycle (SDLC), track and manage risks across the application portfolio, and ensure compliance with security and coding ...
This issue arose because a Windows 32-bit kit was used to attempt to capture a Windows 64-bit build. The attempt to attach a 32-bit process to a 64-bit one causes failure to execute.
This issue appears to be due to an incompatibility between Coverity's Java Capture and the ErrorProne plugin, as evidenced by messages such as this one in the build log:
WARNING: Failed load class file java/io/FileNotFoundException.class as a resource using the class loader net.ltgt.gradle.errorprone.ErrorProneCompiler$SelfFirstClassLoader@36358417
A few things to note, because reading our documentation is crucial to using our tool successfully:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With