oneDAL icon indicating copy to clipboard operation
oneDAL copied to clipboard
verified publisher icon oneapi-src

GitHub: Coverity scan enabling (Lnx)

Open vyevtyus opened this issue 4 months ago • 3 comments

Description

This PR introduces workflow for Coverity scan on the main oneDAL branch. The scan is implemented for Linux platform only, but may be extended for Windows as well, if needed. Results uploading is configured into https://scan.coverity.com/projects/uxlfoundation-onedal (please, request access in advance). Taking into account the size of the project and limitations described in https://scan.coverity.com/faq#frequency, the maximum number of weekly builds for the project is 14 (2 per day), so it was decided to set up schedule (to scan once a day) instead of scanning after every push into the main branch, but it remains configurable. Also, there is a possibility to reuse this workflow, e.g. in case there are plans to include the scan into Nightly.

Patch file placed in .github/ reflects changes in Coverity configuration files, needed to reach 85% compilation units capturing (CCUs) level as a requirement of scan.coverity.com to perform analysis (there is a lack of DPCPP compiler support by Coverity analysis).

Checklist:

Completeness and readability

  • [x] I have commented my code, particularly in hard-to-understand areas.
  • [x] Git commit message contains an appropriate signed-off-by string (see CONTRIBUTING.md for details).
  • [x] I have resolved any merge conflicts that might occur with the base branch.

Testing

  • [x] I have run it locally and tested the changes extensively.

vyevtyus avatar Sep 08 '25 15:09 vyevtyus

for patch -

  1. can we contribute it to coverity?
  2. if we would still have it - worth dropping it lower level ( .github/patches/coverity/ ?) and also putting explanatory .md file for why we have it and how to support it going forward?

napetrov avatar Sep 08 '25 15:09 napetrov

for patch -

  1. can we contribute it to coverity?
  2. if we would still have it - worth dropping it lower level ( .github/patches/coverity/ ?) and also putting explanatory .md file for why we have it and how to support it going forward?
  1. We've submitted several requests to vendor to have it implemented, but it takes significant time. Besides, the latest version for open source scan provided on https://scan.coverity.com/download?tab=cxx is relatively old and doesn't contain requested fixes.
  2. Added. Please, review.

vyevtyus avatar Sep 18 '25 15:09 vyevtyus

@vyevtyus any updates here?

icfaust avatar Dec 02 '25 20:12 icfaust