  1. Qt Quality Assurance Infrastructure
  2. QTQAINFRA-3693

figure out how to quickly evaluate coverity reports and share issues with developers

Details

    • Task
    • Resolution: Fixed
    • P2: Important
    • None
    • None
    • Static analysis

    Description

      As discussed in today's Oslo QE meeting, we need to figure out a way to quickly and painlessly share Coverity issues with developers, in order to discuss and decide which ones are worth promoting and which are false positives.

      Something like a plugin providing Jira-Coverity integration

      • automatically creating Jira tickets from the Coverity UI
      • Linking from Jira to the relevant Coverity page

      Requirements:

      • we can't expect all developers to have a Coverity login or to go into Coverity just for quick evaluation of most likely false positives, as it is quite time-consuming to do so (or is it?)
      • most of the valid Coverity issues are expected to have security implications; how to handle that in Jira?
        • On one side, creating public tickets might be disclosing dangerous issues
        • On the other side, restricting the bug to "Qt Security Team" (which is a very limited group) might be too restrictive for getting the feedback needed from developers.

      Notes

      HTML export of Coverity defects

      Can be achieved with the tool cov-format-errors

          People

            jimis Dimitrios Apostolou