From Fedora Project Wiki

mNo edit summary
m (Fix typos)
 
(2 intermediate revisions by 2 users not shown)
Line 5: Line 5:
=== How to use it? ===
=== How to use it? ===


This service can be accessed at https://openscanhub.fedoraproject.org/. The easiest way to run an OpenScanHub scan is to submit a scan through [https://openscanhub.fedoraproject.org/scan/new/ create new scan] form. You need to login by clicking `krb5login` link before submitting the scan. See the examples section about how to obtain a kerberos ticket.
This service can be accessed at [https://openscanhub.fedoraproject.org/ openscanhub.fedoraproject.org]. The easiest way to run an OpenScanHub scan is to submit a scan through [https://openscanhub.fedoraproject.org/scan/new/ create new scan] form. You need to login by clicking `krb5login` link before submitting the scan. See the examples section about how to obtain a kerberos ticket.


Alternatively, you can install the command line client by running: <code>dnf install -y osh-client</code>. You need to enable OpenScanHub Copr repository before running it: <code>dnf copr enable @openscanhub/production</code>.
Alternatively, you can install the command line client by running: <code>dnf install -y osh-client</code>.


==== Examples: ====
==== Examples: ====


You need a valid kerberos ticket to run these commands. It can be obtained by running <code>kinit <FAS_USERNAME>@FEDORAPROJECT.ORG</code>. Kerberos login would require `dns_canonicalize_hostname = false` in `/etc/krb5.conf`. Related documentation can be found at https://fedoraproject.org/wiki/Infrastructure/Kerberos#Extra_info_for_Infrastructure_people.
You need a valid kerberos ticket to run these commands. It can be obtained by running <code>kinit <FAS_USERNAME>@FEDORAPROJECT.ORG</code>. Kerberos login would require `dns_canonicalize_hostname = false` in `/etc/krb5.conf`. Related documentation can be found at [https://fedoraproject.org/wiki/Infrastructure/Kerberos#Extra_info_for_Infrastructure_people Kerberos#Extra_info_for_Infrastructure_people].




* <code>mock-build</code> performs a full scan on the package: <code>osh-cli mock-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code>
* <code>mock-build</code> performs a full scan on the package: <code>osh-cli mock-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code>


* <code>version-diff-build</code> performs a differential scan between two different version of packages: <code>osh-cli version-diff-build --config=fedora-39-x86_64 --brew-build units-2.22-6.fc39 --base-config=fedora-39-x86_64 --base-brew-build units-2.21-5.fc37</code>
* <code>version-diff-build</code> performs a differential scan between two different versions of packages: <code>osh-cli version-diff-build --config=fedora-39-x86_64 --brew-build units-2.22-6.fc39 --base-config=fedora-39-x86_64 --base-brew-build units-2.21-5.fc37</code>


* <code>diff-build</code> performs a differntial scan with the downstream patches: <code>osh-cli diff-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code>
* <code>diff-build</code> performs a differntial scan with the downstream patches: <code>osh-cli diff-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code>
Line 22: Line 22:
* SRPMs built locally can be scanned through: <code>osh-cli mock-build --config="<config name>" <path to SRPM></code>
* SRPMs built locally can be scanned through: <code>osh-cli mock-build --config="<config name>" <path to SRPM></code>


* A more verbose logs of the compiler output can be seen through executing `csgrep` command on the raw output. For example, `curl -s 'https://openscanhub.fedoraproject.org/task/16/log/added.js?format=raw' | csgrep`. `csgrep` command can be installed through: `dnf install -y csdiff`.
* A more verbose log of the compiler output can be seen through executing `csgrep` command on the raw output. For example, `curl -s 'https://openscanhub.fedoraproject.org/task/16/log/added.js?format=raw' | csgrep`. `csgrep` command can be installed through: `dnf install -y csdiff`.


=== Related Links ===
=== Related Links ===

Latest revision as of 15:14, 6 August 2024

OpenScanHub

OpenScanHub is a service that runs various static analyzers on RPM packages. OpenScanHub by default uses Cppcheck, ShellCheck, the static analyzers embedded in GCC and Clang, and the find-unicode-control tool. Other tools for static (and dynamic) analysis can be enabled on demand while submitting an OpenScanHub task.

How to use it?

This service can be accessed at openscanhub.fedoraproject.org. The easiest way to run an OpenScanHub scan is to submit a scan through create new scan form. You need to login by clicking krb5login link before submitting the scan. See the examples section about how to obtain a kerberos ticket.

Alternatively, you can install the command line client by running: dnf install -y osh-client.

Examples:

You need a valid kerberos ticket to run these commands. It can be obtained by running kinit <FAS_USERNAME>@FEDORAPROJECT.ORG. Kerberos login would require dns_canonicalize_hostname = false in /etc/krb5.conf. Related documentation can be found at Kerberos#Extra_info_for_Infrastructure_people.


  • mock-build performs a full scan on the package: osh-cli mock-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39
  • version-diff-build performs a differential scan between two different versions of packages: osh-cli version-diff-build --config=fedora-39-x86_64 --brew-build units-2.22-6.fc39 --base-config=fedora-39-x86_64 --base-brew-build units-2.21-5.fc37
  • diff-build performs a differntial scan with the downstream patches: osh-cli diff-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39
  • SRPMs built locally can be scanned through: osh-cli mock-build --config="<config name>" <path to SRPM>

Related Links