
GH Workflows: Create CI job for Coverity scan

Open moshekaplan opened this issue 1 year ago • 6 comments

Coverity Scan is a static source code analyzer to find bugs, security vulnerabilities, and other potential issues. This PR adds a GitHub Workflow CI job to create a new Coverity Scan build daily, to ease detection and remediation of software bugs.

Before this is merged in, the following steps are required:

  1. Register the bulk_extractor project on Coverity's website here: https://scan.coverity.com/projects/ (it would be best if an official maintainer did this)
  2. Create two new secrets:
     a) COVERITY_SCAN_EMAIL with the email address that should be notified with the scan results. It is not possible to disable the scan result emails.
     b) COVERITY_SCAN_TOKEN with the Project token from the Coverity project page (e.g., https://scan.coverity.com/projects/bulk_extractor?tab=project_settings )

Optionally, you may also wish to:

  1. Configure Coverity to ignore directories that you don't want it to scan. (e.g., the /src/be20_api/.* directory)

After this PR is merged, GitHub will submit builds to Coverity with the schedule specified in the yaml file. However, if desired, you can trigger a manual run by going to Actions -> Coverity Scan, and clicking on the Run workflow button.

moshekaplan avatar Feb 02 '24 15:02 moshekaplan
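The workflow shape the PR description lays out (a daily schedule plus a manual "Run workflow" trigger, consuming the COVERITY_SCAN_EMAIL and COVERITY_SCAN_TOKEN secrets), written out as an added example; it is not the PR's own yaml file. The project name and the two secret names come from the thread; the cron time, the repository slug, the apt package list, the submodule layout and the build commands are assumptions made for illustration. The upload steps follow Coverity Scan's documented self-build procedure (cov-build, then a multipart POST to scan.coverity.com/builds).

```yaml
# Added example workflow, not the PR's own file. Assumptions are marked inline.
name: Coverity Scan

on:
  schedule:
    - cron: '0 6 * * *'        # daily at 06:00 UTC (assumed schedule)
  workflow_dispatch:           # enables the "Run workflow" button under Actions

permissions:
  contents: read               # the job only needs to read the source tree

jobs:
  coverity:
    runs-on: ubuntu-latest
    # Forks do not carry the upstream secrets; skip there instead of failing.
    # The repository slug below is an assumption.
    if: github.repository == 'simsong/bulk_extractor'
    env:
      PROJECT: bulk_extractor  # project name as registered on scan.coverity.com
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive  # assumption: be20_api lives in a submodule

      - name: Install build dependencies (assumed package list)
        run: |
          sudo apt-get update
          sudo apt-get install -y autoconf automake libtool pkg-config libssl-dev

      - name: Download the Coverity build tool
        # The token goes in the POST body, not the URL, so it cannot end up in
        # a logged request line; GitHub additionally masks secret values.
        run: |
          curl -sS -o cov-analysis.tgz \
            --data "token=${COVERITY_SCAN_TOKEN}&project=${PROJECT}" \
            https://scan.coverity.com/download/linux64
          mkdir cov-analysis
          tar xzf cov-analysis.tgz --strip-components=1 -C cov-analysis
        env:
          COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}

      - name: Build under cov-build (build commands are assumed)
        run: |
          ./bootstrap.sh
          ./configure
          ./cov-analysis/bin/cov-build --dir cov-int make -j"$(nproc)"

      - name: Upload the build to Coverity Scan
        run: |
          tar czf cov-int.tgz cov-int
          curl -sS \
            --form token="${COVERITY_SCAN_TOKEN}" \
            --form email="${COVERITY_SCAN_EMAIL}" \
            --form file=@cov-int.tgz \
            --form version="${GITHUB_SHA}" \
            --form description="GitHub Actions run ${GITHUB_RUN_ID}" \
            "https://scan.coverity.com/builds?project=${PROJECT}"
        env:
          COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
          COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
```

Two points worth checking before enabling a job like this: the secrets are exposed only to the two steps that need them (step-level `env`), and the `if:` guard keeps the job from running, and failing, on forks that lack the secrets. Directory exclusions such as the `/src/be20_api/.*` path mentioned in the PR are configured on the Coverity project page, not in the workflow.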

The Coverity report from running it on my fork is available here: https://scan.coverity.com/projects/moshekaplan-bulk_extractor

moshekaplan avatar Feb 02 '24 15:02 moshekaplan

This is super exciting. Coverity appears to be free for open source project. I'll set it up and accept your PR once I do.

simsong avatar Feb 02 '24 16:02 simsong

@moshekaplan - would you like me to register your email? ;-)

simsong avatar Feb 03 '24 23:02 simsong

> Coverity Scan is a static source code analyzer to find bugs, security vulnerabilities, and other potential issues. This PR adds a GitHub Workflow CI job to create a new Coverity Scan build daily, to ease detection and remediation of software bugs.
>
> Before this is merged in, the following steps are required:
>
>   1. Register the bulk_extractor project on Coverity's website here: https://scan.coverity.com/projects/ (it would be best if an official maintainer did this)
>   2. Create two new secrets:
>      a) COVERITY_SCAN_EMAIL with the email address that should be notified with the scan results. It is not possible to disable the scan result emails.
>      b) COVERITY_SCAN_TOKEN with the Project token from the Coverity project page (e.g., https://scan.coverity.com/projects/bulk_extractor?tab=project_settings )
>
> Optionally, you may also wish to:
>
>   1. Configure Coverity to ignore directories that you don't want it to scan. (e.g., the /src/be20_api/.* directory)
>
> After this PR is merged, GitHub will submit builds to Coverity with the schedule specified in the yaml file. However, if desired, you can trigger a manual run by going to Actions -> Coverity Scan, and clicking on the Run workflow button.

We want be20 scanned...

simsong avatar Feb 03 '24 23:02 simsong

Codecov Report

All modified and coverable lines are covered by tests.

Comparison is base (27f0336) 48.18% compared to head (990be23) 48.18%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #457   +/-   ##
=======================================
  Coverage   48.18%   48.18%           
=======================================
  Files         112      112           
  Lines       13249    13249           
=======================================
  Hits         6383     6383           
  Misses       6866     6866           

View full report in Codecov by Sentry.

codecov[bot] avatar Feb 03 '24 23:02 codecov[bot]

> We want be20 scanned...

It will by default. I only used it as an example of something that you might have wanted to have ignored or treated as a separate module.

moshekaplan avatar Feb 04 '24 01:02 moshekaplan