-
Notifications
You must be signed in to change notification settings - Fork 796
Coverity
Masakazu Kitajo edited this page Aug 15, 2023
·
1 revision
https://scan.coverity.com/projects/apache-traffic-server
- Find the assigned defect on Coverity
- Put your name on Owner
- Triage the issue
- If it's intentional and no action is needed
- Classification:
Intentional - Action:
Ignore
- Classification:
- If it's false positive and no action is needed
- Classification:
False Positive - Action:
Ignore
- Classification:
- If it's a bug and it needs to be fixed
- Classification:
Bug - Action:
Fix Required
- Classification:
- If you are not sure what the issue is
- Request help on the GitHub issue or Slack channel
- Continue the triage or hand over the issue to someone who can do the triage
- If it's intentional and no action is needed
If no fix is needed, close the assigned GitHub issue, and you are all set.
- Make a Pull Request to fix the issue (Don't forget to put on the magic keyword, "This closes #xxx", to close the issue automatically)
- Set Action to
Fix Submitted - Set Ext. Reference to the URL for the Pull Request
There is no way to see if your fix really resolves the issue until next scan. Get the Pull Request merged, and cross your fingers.
- Find someone who can work on it
- Encourage people to work on issues found by Coverity scan, with moderate pressure
- Don't allow increasing the number of coverity issues
- Try to close all issues found
- Open Coverity
- Find an outstanding issue that were detected after 2023-04-01 (Date is important not to expose potential security issues)
- Create a GitHub issue
- Title: <CID>: <Type>
- Labels: Coverity, and appropriate labels if any
- Assignees: Anyone who seems reasonable to look into the issue (check past modifiers if you are not sure)
- Search GitHub issues that have Coverity label
- Check the status with the assignees (Don't let the bot mark the issues as stale)
- Take a whip if necessary
Copyright 2021, dev@trafficserver.apache.org. Apache License, Version 2.0