
OSCON Tutorial Pages - JAVA BUILDS


With C/C++ projects, Coverity retrieves the sources and does both the
builds and the analysis, because capturing the build requires
Coverity-specific tools. That puts a workload on Coverity, and means
that projects may not get updated builds as frequently as would be
useful.

With Java projects, we analyze starting with the bytecode, so projects
can provide the code they want tested. You can integrate into a nightly
build process if desired, or generate the analysis package by hand, as
frequently as you wish.

Build your Java code with javac's '-g' option, to include debugging
information. Then package your sources and compiled files into an
archive (.tgz, or .war) with the following structure:

./src/*      Source files, in their normal hierarchy
./class/*    Compiled .class files, or .jar files
CLASSPATH    A text file, containing a colon-separated list of
             directories, and/or a list of jar files, one per line.
             Directories and jar paths should be specified relative
             to the top-level directory. For example, a .jar file
             right in the class/ dir would be: class/foo.jar
VERSION      A text file, containing the version of the jdk used
             to compile the sources or the --source argument given
             to the compiler. For example, compiling with jdk 1.6,
             with --source 1.4, this file should contain: 1.4

You'll want the hierarchy under the src directory to be consistent
across builds, and in the same structure that developers are accustomed
to when working in the source tree. That way the results in the UI will
be most clear.

If your project uses other Java classes which aren't from the jdk, you
can include their jar files in the class directory, and list the jar
files in the CLASSPATH file. Without sources, the analysis won't report
issues in that code, but will analyze the code and use its behaviour
when doing interprocedural analysis on your methods that call the 3rd
party classes.

For your first build, make the archive file available on a server, and
send the URL for it to me. Once we sort out any issues with the archive
processing, I'll give you an email address, project name, and password
to submit builds automatically whenever you like.
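
A pre-submission check of the archive layout described above, as an added
example (not Coverity's tooling). The names check_package, norm and make_tgz
and the sample contents are assumptions made for illustration; the CLASSPATH
parser accepts both colon-separated and one-per-line entries.

```python
import io
import re
import tarfile

def norm(name):  # tar members may be stored as "./src/A.java" or "src/A.java"
    return re.sub(r"^(\./)+", "", name).rstrip("/")

def check_package(tgz_bytes):
    """Return a list of layout problems in a Java analysis package (.tgz)."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        files = {norm(m.name): m for m in tar.getmembers() if m.isfile()}
        def read(name):
            return tar.extractfile(files[name]).read().decode("utf-8")
        if not any(n.startswith("src/") for n in files):
            problems.append("nothing under src/")
        if not any(n.startswith("class/") and n.endswith((".class", ".jar")) for n in files):
            problems.append("no .class or .jar files under class/")
        problems += ["missing top-level file: " + f for f in ("CLASSPATH", "VERSION") if f not in files]
        # CLASSPATH: accept colon-separated and one-per-line entries alike
        entries = re.split(r"[:\r\n]", read("CLASSPATH")) if "CLASSPATH" in files else []
        for entry in filter(None, map(str.strip, entries)):
            e = norm(entry)
            if entry.startswith("/") or ".." in e.split("/"):
                problems.append("CLASSPATH entry not relative: " + entry)
            elif e not in files and not any(n.startswith(e + "/") for n in files):
                problems.append("CLASSPATH entry not in archive: " + entry)
        if "VERSION" in files and not re.fullmatch(r"\d+(\.\d+)*", read("VERSION").strip()):
            problems.append("VERSION is not a version number such as 1.4")
    return problems

def make_tgz(contents):  # sample helper: build a .tgz in memory from {path: bytes}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in contents.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample; file contents are placeholders, not real sources or jars
SAMPLE = {
    "./src/org/example/Foo.java": b"class Foo {}\n",
    "./class/foo.jar": b"PK",
    "./CLASSPATH": b"class:class/foo.jar\n",
    "./VERSION": b"1.4\n",
}

if __name__ == "__main__":
    print(check_package(make_tgz(SAMPLE)) or "package layout OK")
```

An empty result means the archive has the four expected parts and every
CLASSPATH entry resolves inside it; it does not confirm that the classes were
compiled with '-g'.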


 
     
©2007 COVERITY INCORPORATED | PRIVACY POLICY