Z lukas/add coverity scan (#945)

Changelog: * integrate coverity project * add coverity daily scheduled scans to Github actions * add coverity status badge to readme.md
OpenVisualCloud · Aug 12, 2024 · ddcc041 · ddcc041
1 parent 281ccf6
commit ddcc041
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
@@ -0,0 +1,51 @@
+name: Coverity Scan
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+env:
+  BUILD_TYPE: Release
+  MTL_BUILD_DISABLE_PCAPNG: true
+  PREFIX_DIR: /usr/local
+  DEBIAN_FRONTEND: noninteractive
+
+permissions:
+  contents: read
+
+jobs:
+  coverity:
+    runs-on: 'ubuntu-22.04'
+    timeout-minutes: 90
+    steps:
+    - name: 'Harden Runner'
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      with:
+        egress-policy: audit
+
+    - name: 'Checkout repository'
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+    - name: 'Install dependencies'
+      run: |
+        sudo apt-get update -y && \
+        sudo apt-get install -y --no-install-recommends \
+            git build-essential meson python3 python3-pyelftools pkg-config \
+            libnuma-dev libjson-c-dev libpcap-dev libgtest-dev libsdl2-dev \
+            libsdl2-ttf-dev libssl-dev ca-certificates m4 clang llvm zlib1g-dev \
+            libelf-dev libcap-ng-dev libcap2-bin gcc-multilib systemtap-sdt-dev ninja-build \
+            nasm dpdk-dev librdmacm-dev && \
+        sudo apt-get clean && \
+        sudo rm -rf /var/lib/apt/lists/*
+
+    - name: 'Run coverity'
+      uses: vapier/coverity-scan-action@2068473c7bdf8c2fb984a6a40ae76ee7facd7a85 # v1.8.0
+      with:
+        project: 'Media-transport-Library'
+        email: ${{ secrets.COVERITY_EMAIL }}
+        token: ${{ secrets.COVERITY_TOKEN }}
+        build_language: 'cxx'
+        build_platform: 'linux64'
+        command: |
+            ${{ github.workspace }}/build.sh 
diff --git a/README.md b/README.md
@@ -7,6 +7,7 @@
 Scorecard](https://api.securityscorecards.dev/projects/github.com/OpenVisualCloud/Media-Transport-Library/badge)](https://api.securityscorecards.dev/projects/github.com/OpenVisualCloud/Media-Transport-Library)
 [![CodeQL](https://github.com/OpenVisualCloud/Media-Transport-Library/actions/workflows/codeql.yml/badge.svg)](https://github.com/OpenVisualCloud/Media-Transport-Library/actions/workflows/codeql.yml)
 [![Dependency Review](https://github.com/OpenVisualCloud/Media-Transport-Library/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/OpenVisualCloud/Media-Transport-Library/actions/workflows/dependency-review.yml)
+[![Coverity Scan Build Status](https://scan.coverity.com/projects/30596/badge.svg)](https://scan.coverity.com/projects/media-transport-library)
 
 ## 1. Overview