[ofiwg] coverity replacement

Jeff Squyres (jsquyres) jsquyres at cisco.com
Fri Mar 16 15:26:36 PDT 2018


Yes, this appears to be good news (that it's back, at least).

I was waiting for scan.coverity.com to be back up again before mailing the list -- as of right now (~6:30pm US Eastern), I still get a proxy timeout when attempting to access scan.coverity.com.



> On Mar 16, 2018, at 6:23 PM, Jeff Hammond <jeff.science at gmail.com> wrote:
> 
> To be more explicit, the message is below.
> 
> ---------- Forwarded message ----------
> From: Coverity SCAN <scan-admin at coverity.com>
> Date: Fri, Mar 16, 2018 at 2:18 PM
> Subject: Coverity SCAN is Again Available
> 
> Coverity SCAN Service Community:
> 
> As you may be aware, there recently was an interruption in the availability of the Coverity Scan service. In February 2018, we discovered that servers used for the Coverity Scan service were accessed by an unauthorized third-party. The access appears to have started earlier in the month. We suspect that the access was to utilize our computing power for cryptocurrency mining. We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.
> 
> We have closed the method of access, and the Coverity Scan service is again available as a free service to the open source community. The Coverity Scan service data is backed up frequently, and Coverity Scan service data will be restored. We regret any inconvenience caused by the downtime of the Coverity Scan service.
> 
> We take our commitment to the Open Source community seriously. To that end, we are asking that all Coverity Scan users reset their passwords to regain access to the service. We are continually assessing and improving our systems and practices in this environment, and will work with the Coverity Scan Service community in this effort.
> 
> Please note that the servers in question were not connected to any other Synopsys computer networks. This should have no impact on customers of our commercial products, and this event did not put any Synopsys corporate data or intellectual property at risk.
> 
> If you have any questions or concerns, please contact us at scan-admin at synopsys.com.
> 
> 
> 
> On Fri, Mar 16, 2018 at 3:21 PM, Jeff Hammond <jeff.science at gmail.com> wrote:
> I assume you all saw the update an hour or two ago explaining the absence.  If not, look for it.
> 
> Jeff
> 
> On Wed, Mar 14, 2018 at 1:29 PM, Jeff Squyres (jsquyres) <jsquyres at cisco.com> wrote:
> We could certainly try them all and see which one(s) we like.
> 
> I have no real opinion -- we've been using Coverity for forever; it's disappointing that it has gone offline with zero word from their owners (even if they told us "no, we're not doing this anymore", that would be better than silence).
> 
> 
> 
> > On Mar 14, 2018, at 4:05 PM, Paulson, Erik R <erik.r.paulson at intel.com> wrote:
> >
> > Looking at Code Climate's website, it looks like they don't support C.
> >
> > I found this tool: https://about.sonarcloud.io/ I have never used it before, but it says it supports C and is free for open source.
> >
> >
> > -Erik
> >
> > -----Original Message-----
> > From: ofiwg [mailto:ofiwg-bounces at lists.openfabrics.org] On Behalf Of Hefty, Sean
> > Sent: Wednesday, March 14, 2018 12:17 PM
> > To: ofiwg at lists.openfabrics.org
> > Subject: [ofiwg] coverity replacement
> >
> > The ofiwg github projects have made use of Coverity for static code analysis, which has proven useful in identifying bugs without generating hundreds of false warnings (I'm looking at you Klocwork).  However, it went down for maintenance nearly a month ago, with no responses to emails or updates on when or if the service will ever come back.
> >
> > At this point, I think we need to look at alternatives.  Does anyone have any personal recommendations on any analysis tools that integrate with github?  I've done some searches for possible replacements, and Code Climate came up as a possible alternative.  Has anyone used this or know of something better?
> >
> > https://codeclimate.com/pricing/
> >
> > We are still using Travis CI and AppVeyor for testing, so this would primarily be for static analysis.
> >
> > - Sean
> > _______________________________________________
> > ofiwg mailing list
> > ofiwg at lists.openfabrics.org
> > http://lists.openfabrics.org/mailman/listinfo/ofiwg
> 
> 
> --
> Jeff Squyres
> jsquyres at cisco.com
> 
> 
> 
> 
> -- 
> Jeff Hammond
> jeff.science at gmail.com
> http://jeffhammond.github.io/
> 
> 
> 
> -- 
> Jeff Hammond
> jeff.science at gmail.com
> http://jeffhammond.github.io/


-- 
Jeff Squyres
jsquyres at cisco.com



