Description

• Dotnet (Msbuild)
• Go
• Gradle
• Maven
• Npm
• Yarn
• Make

The platforms supported are:

• Linux and
• macOS The specific platforms used in testing are Ubuntu 18.04 and macOS 11.

• this cov-scan project
• cov-analysis installed (based on the platform)

These variables rarely change from project to project and thus it makes sense to set these variables as environmental.

• PATH (add to)
  • cov-scan folder
  • cov-analysis bin folder
• COV_USER: Coverity username
• COVERITY_PASSPHRASE: Coverity user password or access key
• COV_URL: Coverity URL

Some suggestions for persistent locations are /etc/environment, /etc/profile for host or ~/.bashrc or ~/.profile for user

Example:

export PATH=$HOME\cov-scan:$HOME\cov-analysis\bin:$PATH
export COV_USER=johndoe
export COVERITY_PASSPHRASE=AC9FA40A5D8BBB4BC3D923E170514F64
export COV_URL=https://synopsys.company.com

All project-based variables have defaults and these can be overridden by setting the variabkes before running the script.

By default, if the project is

COV_PROJECT="WebGoat"
COV_STREAM="WebGoat"

If auto-capture is used, please ignore setting these variables. If these variables are used, they can be used individually or together. Setting these variables overrides the auto-detection and the analysis flags further below. For specific options, please refer to Coverity documentation

COV_BUILD_BUILD_CMD=mvn clean compile
COV_CAPTURE_FLAGS=--source-dir . --language javascript
COV_ANALYZE_FLAGS=--all --webapp-security
COV_IDIR=idir

COV_ANALYZE_QUALITY=${COV_ANALYZE_QUALITY-1} COV_ANALYZE_SECURITY=${COV_ANALYZE_SECURITY-1} COV_ANALYZE_DISTRUST_ALL=${COV_ANALYZE_DISTRUST_ALL-0} COV_ANALYZE_AUDIT_CHECKERS=${COV_ANALYZE_AUDIT_CHECKERS-0}