Using coverity scan to find issues on ManageIQ

Developers
#1

Hi,
My name is Eyal and I’m from the oVirt.org CI group which handles all the automation and CI infrastructure for oVirt.

We have been successfully using https://scan.coverity.com/ for the past few years to run static code analysis and helped find various security and code issues in oVirt.

The service is given for free for OSS projects.

I was wondering if ManageIQ considered using it as well, and if so, who will be the best person to talk to about adding it?

#2

What kind of code issues are you suggesting that coverity might help finding, given that MiQ is in Ruby on Rails (dynamic language + a web framework with very specific rules) , and the project is also spread across many repos? (which don’t really live as standalone projects that can be ran autonomously)