From Fedora Project Wiki

mNo edit summary
 
(2 intermediate revisions by the same user not shown)
Line 7: Line 7:
This service can be accessed at https://openscanhub.fedoraproject.org/. The easiest way to run an OpenScanHub scan is to submit a scan through [https://openscanhub.fedoraproject.org/scan/new/ create new scan] form. You need to login by clicking `krb5login` link before submitting the scan. See the examples section about how to obtain a kerberos ticket.
This service can be accessed at https://openscanhub.fedoraproject.org/. The easiest way to run an OpenScanHub scan is to submit a scan through [https://openscanhub.fedoraproject.org/scan/new/ create new scan] form. You need to login by clicking `krb5login` link before submitting the scan. See the examples section about how to obtain a kerberos ticket.


Alternatively, you can install the command line client by running: <code>dnf install -y osh-client</code>
Alternatively, you can install the command line client by running: <code>dnf install -y osh-client</code>. You need to enable OpenScanHub Copr repository before running it: <code>dnf copr enable @openscanhub/production</code>.


==== Examples: ====
==== Examples: ====


You need a valid kerberos ticket to run these commands. It can be obtained by running <code>kinit <FAS_USERNAME>@FEDORAPROJECT.ORG</code>.
You need a valid kerberos ticket to run these commands. It can be obtained by running <code>kinit <FAS_USERNAME>@FEDORAPROJECT.ORG</code>. Kerberos login would require `dns_canonicalize_hostname = true` in `/etc/krb5.conf`. Related documentation can be found at https://fedoraproject.org/wiki/Infrastructure/Kerberos#Extra_info_for_Infrastructure_people.
 


* <code>mock-build</code> performs a full scan on the package: <code>osh-cli mock-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code>
* <code>mock-build</code> performs a full scan on the package: <code>osh-cli mock-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code>
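Review bot: "before running it" in the added Copr sentence is ambiguous, because it can mean before running the dnf install command or before running the client. If osh-client is meant to come from the Copr repository, give "dnf copr enable @openscanhub/production" first and the install command second. The added Kerberos sentence also wraps dns_canonicalize_hostname = true and /etc/krb5.conf in backticks, while the kinit command on the same line uses code tags; use one markup for both.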
Line 20: Line 21:


* SRPMs built locally can be scanned through: <code>osh-cli mock-build --config="<config name>" <path to SRPM></code>
* SRPMs built locally can be scanned through: <code>osh-cli mock-build --config="<config name>" <path to SRPM></code>
* A more verbose logs of the compiler output can be seen through executing `csgrep` command on the raw output. For example, `curl -s 'https://openscanhub.fedoraproject.org/task/16/log/added.js?format=raw' | csgrep`. `csgrep` command can be installed through: `dnf install -y csdiff`.


=== Related Links ===
=== Related Links ===
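Review bot: the added csgrep bullet uses "curl -s", which hides transfer errors, so a failed download reaches csgrep as empty or unrelated input with no message. Suggest "curl -sS --fail" so the failure is visible. The bullet also names the csdiff package only after the command that needs it, and "A more verbose logs" should read "More verbose logs".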

Latest revision as of 13:11, 3 May 2024

OpenScanHub

OpenScanHub is a service that runs various static analyzers on RPM packages. OpenScanHub by default uses Cppcheck, ShellCheck, the static analyzers embedded in GCC and Clang, and the find-unicode-control tool. Other tools for static (and dynamic) analysis can be enabled on demand while submitting an OpenScanHub task.

How to use it?

This service can be accessed at https://openscanhub.fedoraproject.org/. The easiest way to run an OpenScanHub scan is to submit it through the create new scan form. You need to log in by clicking the krb5login link before submitting the scan. See the examples section for how to obtain a Kerberos ticket.

Alternatively, you can install the command line client by running: dnf install -y osh-client. You need to enable the OpenScanHub Copr repository before running it: dnf copr enable @openscanhub/production.

Examples:

You need a valid Kerberos ticket to run these commands. It can be obtained by running kinit <FAS_USERNAME>@FEDORAPROJECT.ORG. Kerberos login requires dns_canonicalize_hostname = true in /etc/krb5.conf. Related documentation can be found at https://fedoraproject.org/wiki/Infrastructure/Kerberos#Extra_info_for_Infrastructure_people.


  • mock-build performs a full scan on the package: osh-cli mock-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39
  • version-diff-build performs a differential scan between two different versions of a package: osh-cli version-diff-build --config=fedora-39-x86_64 --brew-build units-2.22-6.fc39 --base-config=fedora-39-x86_64 --base-brew-build units-2.21-5.fc37
  • diff-build performs a differential scan with the downstream patches: osh-cli diff-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39
  • SRPMs built locally can be scanned through: osh-cli mock-build --config="<config name>" <path to SRPM>
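
A preflight for the Kerberos requirement above, as an added example that is not part of the wiki page or of OpenScanHub: it reads one krb5.conf-style file and reports whether dns_canonicalize_hostname is true in [libdefaults]. The function names are hypothetical, the sample file is constructed, and files pulled in by include directives are not followed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of osh-cli.

# Print the dns_canonicalize_hostname value found in [libdefaults] of the
# krb5.conf-style file $1, lower-cased; print nothing if it is not set there.
krb5_canonicalize_setting() {
    awk '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            insec = ($0 ~ /^[ \t]*\[libdefaults\][ \t]*$/)
            next
        }
        insec && /^[ \t]*dns_canonicalize_hostname[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")                # drop "key ="
            sub(/[ \t]*$/, "")                      # drop trailing blanks
            print tolower($0)
            exit
        }
    ' "$1"
}

# Return 0 only when the file sets the value the wiki page asks for.
osh_krb5_check() {
    conf=${1:-/etc/krb5.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    value=$(krb5_canonicalize_setting "$conf")
    case "$value" in
        true) echo "ok: dns_canonicalize_hostname = true in $conf" ;;
        "")   echo "not set in [libdefaults] of $conf" >&2; return 1 ;;
        *)    echo "set to '$value' in $conf, expected true" >&2; return 1 ;;
    esac
}

# True when the credential cache holds a valid ticket (klist -s is silent).
osh_has_ticket() { klist -s 2>/dev/null; }

# Demo on a constructed sample file (not taken from a real host).
sample=$(mktemp)
printf '[libdefaults]\n  default_realm = FEDORAPROJECT.ORG\n  dns_canonicalize_hostname = fallback\n' > "$sample"
osh_krb5_check "$sample" || echo "fix krb5.conf before kinit and osh-cli"
rm -f "$sample"
```

Run osh_krb5_check with no argument to check /etc/krb5.conf, and osh_has_ticket after kinit to confirm the ticket before calling osh-cli.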

Related Links