From 46ec5ac4df1137984dad67b3861dda2c260109fd Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Mon, 18 Oct 2021 17:18:29 -0400 Subject: [PATCH] doc: add info on project's usage of coverity Document project's used of coverity and how collaborators can get access. Signed-off-by: Michael Dawson PR-URL: https://github.com/nodejs/node/pull/40506 Reviewed-By: James M Snell Reviewed-By: Richard Lau --- doc/guides/offboarding.md | 3 +++ doc/guides/static-analysis.md | 16 ++++++++++++++++ onboarding.md | 3 +++ 3 files changed, 22 insertions(+) create mode 100644 doc/guides/static-analysis.md diff --git a/doc/guides/offboarding.md b/doc/guides/offboarding.md index 2c5ecfa9018f6c..87f21103540bef 100644 --- a/doc/guides/offboarding.md +++ b/doc/guides/offboarding.md @@ -12,3 +12,6 @@ emeritus or leaves the project. a team listing. For example, if someone is removed from @nodejs/build, they should also be removed from the Build WG README.md file in the repository. +* Open an issue in the [build](https://github.com/nodejs/build) repository + titled `Remove Collaborator from Coverity` asking that the collaborator + be removed from the Node.js coverity project if they had access. diff --git a/doc/guides/static-analysis.md b/doc/guides/static-analysis.md new file mode 100644 index 00000000000000..47047e9edcc18b --- /dev/null +++ b/doc/guides/static-analysis.md @@ -0,0 +1,16 @@ +# Static Analysis + +The project uses Coverity to scan Node.js source code and to report potential +issues in the C/C++ code base. + +Those who have been added to the Node.js coverity project can receive emails +when there are new issues reported as well as view all current issues +through [https://scan9.coverity.com/reports.htm](https://scan9.coverity.com/reports.htm). + +Any collaborator can ask to be added to the Node.js coverity project +by opening an issue in the [build](https://github.com/nodejs/build) repository +titled `Please add me to coverity`. A member of the build WG with admin +access will verify that the requestor is an existing collaborator as listed in +the [colloborators section](https://github.com/nodejs/node#collaborators) +on the nodejs/node project repo. Once validated the requestor will added +to to the coverity project. diff --git a/onboarding.md b/onboarding.md index 8a176951517f9a..76c7a3dcecd8ba 100644 --- a/onboarding.md +++ b/onboarding.md @@ -249,6 +249,8 @@ needs to be pointed out separately during the onboarding. project. The Foundation has travel funds to cover participants' expenses including accommodations, transportation, visa fees, etc. if needed. Check out the [summit](https://github.com/nodejs/summit) repository for details. +* If you are interested in helping to fix coverity reports consider requesting + access to the projects coverity project as outlined in [static-analysis][]. [Code of Conduct]: https://github.com/nodejs/admin/blob/HEAD/CODE_OF_CONDUCT.md [Labels]: doc/guides/collaborator-guide.md#labels @@ -259,6 +261,7 @@ needs to be pointed out separately during the onboarding. [`git-node`]: https://github.com/nodejs/node-core-utils/blob/HEAD/docs/git-node.md [`node-core-utils`]: https://github.com/nodejs/node-core-utils [set up the credentials]: https://github.com/nodejs/node-core-utils#setting-up-github-credentials +[static-analysis]: doc/guides/static-analysis.md [two-factor authentication]: https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/ [using a TOTP mobile app]: https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app/ [who-to-cc]: doc/guides/collaborator-guide.md#who-to-cc-in-the-issue-tracker