[Cryptech Tech] Coverity Scan

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Oct 9 09:49:33 UTC 2018


Joachim Strömbergson <joachim at assured.se> writes:

>I think we should try and get Coverity Scan up and running for Cryptech. And
>scan-build. Should we also create a mirror repo at GitHub?

Getting set up for Coverity is actually pretty easy, you just sign up,
download their scan tool to wherever your code is, run it, and upload the
results to Coverity.  Their web-based dashboard is a bit painful to use, but
apart from that the process is pretty straightforward.  I can provide notes on
how to do it if it's useful.

Not sure how useful OSS-Fuzz is, there's a lot of initial config and setup you
need to do and I found it easier to just run AFL directly on my code.  If it's
a library, you can use libFuzzer and honggfuzz as well, the two are fairly
easily interchangeable.

Peter.
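
The interchangeability mentioned above comes from libFuzzer and honggfuzz calling the same LLVMFuzzerTestOneInput() entry point. The harness below is an added example, not code from the original post or from Cryptech; parse_tlv() is a constructed stand-in for the library function under test and FUZZER_PROVIDES_MAIN is a hypothetical macro name.

```c
/* One harness shared by libFuzzer, honggfuzz and (via main) AFL. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed target: counts well-formed [type:1][len:1][value:len] records.
 * Returns the record count, or -1 if a record overruns the buffer. */
int parse_tlv(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int records = 0;
    while (off < len) {
        if (len - off < 2)
            return -1;                  /* truncated header */
        size_t vlen = buf[off + 1];
        if (vlen > len - off - 2)
            return -1;                  /* value runs past the buffer */
        off += 2 + vlen;
        records++;
    }
    return records;
}

/* Entry point called by libFuzzer and by honggfuzz. Always returns 0;
 * faults are reported by the sanitizers, not by the return value. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)parse_tlv(data, size);
    return 0;
}

#ifndef FUZZER_PROVIDES_MAIN  /* hypothetical: define when the engine supplies main() */
/* File-replay driver: lets AFL (input file passed as "@@", or stdin) and
 * manual crash reproduction reuse the same harness. */
int main(int argc, char **argv)
{
    static uint8_t buf[1 << 16];
    FILE *f = (argc > 1) ? fopen(argv[1], "rb") : stdin;
    if (f == NULL) {
        perror("fopen");
        return 1;
    }
    size_t n = fread(buf, 1, sizeof buf, f);
    if (f != stdin)
        fclose(f);
    return LLVMFuzzerTestOneInput(buf, n);
}
#endif
```

With libFuzzer, build with `clang -fsanitize=fuzzer,address -DFUZZER_PROVIDES_MAIN`; for AFL, build with `afl-clang` and pass the input file as `@@`.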

