6

I use Coverity to scan my project for security issues.

What I would like to know is how to exclude any java test (NOTE: both integration and unit) from the analysis results that are available after a defect commit.

I did use maven to build the project and I excluded Unit tests using the flag -Dmaven.skip.test=true. Though that made Coverity not scanning unit tests, it still makes it scan integration ones.

All the integration tests in my project contain the word "Test" in the file titles. Therefore I started looking at the filter section made available in Coverity. What I tried then was a regex (.*(!?(Test).*)$) but it did not work. It seems that coverity supports two matching character (* and ? - see image below) while it does not seem to support any negative look-around.

Screenshot offering * and ? wildcards

Is there any good way to accomplish this task in an easy and clean fashion?

Chenmunka
  • 685
  • 4
  • 21
  • 25
LoreV
  • 575
  • 5
  • 25

1 Answers1

2

Since Coverity relies on your Maven build, you can exclude:

  • compilation and execution of both unit tests (by Surefire plugin) and integration tests (by Failsafe plugin) by adding -Dmaven.skip.test=true
  • execution of both unit and integration tests via -DskipTests
  • execution of integration tests via -DskipITs

Instead, if you have your integration tests in a separate Maven module, you can directly exclude that from the Maven build via profile, like in below example -- see extract of aggregator's pom.xml and maven command line to be launched:

<modules>
  <!-- remove 'my-it-module' from this list -->
</modules>
<profiles>
    <profile><id>build-it</id>
        <activation><activeByDefault>true</activeByDefault></activation>
        <modules><module>my-it-module</module></modules>
    </profile>
</profiles>

and then mvn install -P !build-it

PaoloC
  • 3,817
  • 1
  • 23
  • 27