I use Coverity to scan my project for security issues.
What I would like to know is how to exclude any java test (NOTE: both integration and unit) from the analysis results that are available after a defect commit.
I did use maven to build the project and I excluded Unit tests using the flag -Dmaven.skip.test=true
.
Though that made Coverity not scanning unit tests, it still makes it scan integration ones.
All the integration tests in my project contain the word "Test" in the file titles. Therefore I started looking at the filter section made available in Coverity. What I tried then was a regex (.*(!?(Test).*)$
) but it did not work. It seems that coverity supports two matching character (* and ?
- see image below) while it does not seem to support any negative look-around.
Is there any good way to accomplish this task in an easy and clean fashion?
Since Coverity relies on your Maven build, you can exclude:
-Dmaven.skip.test=true
-DskipTests
-DskipITs
Instead, if you have your integration tests in a separate Maven module, you can directly exclude that from the Maven build via profile, like in below example -- see extract of aggregator's pom.xml and maven command line to be launched:
<modules>
<!-- remove 'my-it-module' from this list -->
</modules>
<profiles>
<profile><id>build-it</id>
<activation><activeByDefault>true</activeByDefault></activation>
<modules><module>my-it-module</module></modules>
</profile>
</profiles>
and then mvn install -P !build-it
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With