November 25, 2015 - Stefan Schmidt

Making Your Open Source Code Shine With Travis CI and Coverity Scan Service

This year at LinuxCon EU, I gave a talk titled Static Analysis of Your OSS Project with Coverity. In this talk, I briefly touched on using the Travis Continuous Integration system to submit builds to the Coverity Scan service (slide 22). This is an extremely easy way for GitHub projects to use static analysis, and I think it deserves some more detail. While I was setting it up for another project I’m working on, I collected some notes to provide a steb-by-step guide to enable it for a project you have on GitHub.

The project I’ll be using as an example is wpan-tools, the user space tools for Linux IEEE 802.15.4 stack. It is written in C with autotools for the build system, and it has only a few dependencies, making it easy to understand this guide. The final goal is to automatically submit new builds to the Coverity Scan Service whenever new code is pushed to a specific branch. On the way, we will enable builds with GCC and Clang for every push to the GitHub repository by using Travis CI.

As a pre-requirement for this is that that your project must be hosted on GitHub (requirement of Travis CI), and it must be open source software (requirement of Travis CI and Coverity Scan Service). Both solutions are also available for proprietary code as a paid service, but this will not be covered in this article.

Step 1: Set up Your Build with Travis CI

  1. Register an account on with your GitHub account.
  2. Once logged in, you should be able to sync your repositories from GitHub.
  3. Enable the repository you want to work on.
  4. Create a .travis.yml file for your own needs

In the case of my example, I want to build for both available compilers: gcc and clang. I have a project written in C and two dependencies that need to be installed: libnl-3-dev and libnl-genl-3-dev. For the build itself, I need to run first to get the configure script because I am building from git. With this information, I can create a simple .travis.yml that caters to my needs:

If you want to use the new container based infrastructure you need add sudo: false and change the dependency handling accordingly. This new setup seems to be faster and the old one is already considered legacy, so I would recommend to upgrade:

A word of warning about the file format. Make sure you use the correct indent. It is just as picky as python about it. 🙂

If you have a more complicated build setup you should have a look at the Travis CI documentation which covers way more then the small preview I gave here.

After adding the .travis.yml file with this content to your repo, push it to GitHub and your first build should run. For wpan-tools the current status is:

Step 2: Use Travis CI to Submit Builds to Coverity

  1. Log in with your GitHub account. If you already have another Coverity Scan account with the same email address you use for your GitHub account, it will be detected and the GitHub account will be linked to your existing account.
  2. Add a new project using the GitHub project type. An index with all of your GitHub projects could be found here when logged in.
  3. Configure Travis-CI to submit builds to Coverity Scan Service

Coverity already provides most of the details needed to fill into your .travis.yml file on the project pages if you go to Submit Build -> Configure Travis CI. My example looks like this (the secure token was replaced with XXX here and would look way longer in your case):

Combined with my previous configuration the full configuration in my case looks like this:

Another word of warning here: make sure you add the covery_scan addon section to the already existing addon section for apt. If you just add another addon section below, it will override the first one and no package dependencies will get installed.

The only other change we did compared to the generated config is adding the needed into the build_command_prepend. Some more information can be found on the Coverity Scan documentaion about the Travis CI integration.

If you now push your code to the coverity_scan branch it will trigger a build and submit the result for a scan. The current status for wpan-tools is:

Squashing Open Source Bugs

As you can see on the screen shot below our first run revealed 4 defects in 16800 lines of code (after the C preprocessor). With a defect density of 0.24 this is way below industry average which is set to one per 1000 lines of code here. In other words this means we only have 2.4 defects per 10000 lines of code. Even these four are fixed now and we will try to keep a zero defect rate for the future now that we enabled this functionality on our main repository. I hope you enjoyed this short post and are able to enable static analysis for your project as well.



Stefan Schmidt

About Stefan Schmidt

Stefan Schmidt has been a FOSS contributor for over 10 years. During this time he worked on a variety of projects and different layers of the Linux ecosystem. In the past, he has worked on bootloaders and the Linux kernel to port Linux 2.6 to Motorola smartphones, on the OpenEZX project, and on the user interface for OpenMoko.

He was technical steering committee member of OpenEmbedded during its merge with the Yocto project and he’s used OpenEmbedded in various private and commercial projects. Currently, he is the release manager of the Enlightenment Foundation Libraries, and was previously the maintainer of dfu-utils.

He works for the Samsung Open Source Group Europe, and focuses on Enlightenment Foundations Libraries, Wayland and the IEEE 802.15.4 and 6LoWPAN Linux stack.

Image Credits: Open Source Way

Development / Linux / Uncategorized Continuous Integration / Coverity / linux-wpan / Static Analysis / Travis CI / wpan-tools /

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments Protected by WP-SpamShield Anti-Spam