mNo edit summary |
m (Fix typos) |
||
(6 intermediate revisions by 3 users not shown) | |||
Line 5: | Line 5: | ||
=== How to use it? === | === How to use it? === | ||
This service can be accessed at https://openscanhub.fedoraproject.org/. The easiest way to run an OpenScanHub scan is to submit a scan through [https://openscanhub.fedoraproject.org/scan/new/ create new scan] form. You need to login by clicking `krb5login` link before submitting the scan. See the examples section about how to obtain a kerberos ticket. | This service can be accessed at [https://openscanhub.fedoraproject.org/ openscanhub.fedoraproject.org]. The easiest way to run an OpenScanHub scan is to submit a scan through [https://openscanhub.fedoraproject.org/scan/new/ create new scan] form. You need to login by clicking `krb5login` link before submitting the scan. See the examples section about how to obtain a kerberos ticket. | ||
Alternatively, you can install the command line client by running: <code>dnf install -y osh-client</code> | Alternatively, you can install the command line client by running: <code>dnf install -y osh-client</code>. | ||
==== Examples: ==== | ==== Examples: ==== | ||
You need a valid kerberos ticket to run these commands. It can be obtained by running <code>kinit <FAS_USERNAME>@FEDORAPROJECT.ORG</code>. | You need a valid kerberos ticket to run these commands. It can be obtained by running <code>kinit <FAS_USERNAME>@FEDORAPROJECT.ORG</code>. Kerberos login would require `dns_canonicalize_hostname = false` in `/etc/krb5.conf`. Related documentation can be found at [https://fedoraproject.org/wiki/Infrastructure/Kerberos#Extra_info_for_Infrastructure_people Kerberos#Extra_info_for_Infrastructure_people]. | ||
* <code>mock-build</code> performs a full scan on the package: <code>osh-cli mock-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code> | * <code>mock-build</code> performs a full scan on the package: <code>osh-cli mock-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code> | ||
* <code>version-diff-build</code> performs a differential scan between two different | * <code>version-diff-build</code> performs a differential scan between two different versions of packages: <code>osh-cli version-diff-build --config=fedora-39-x86_64 --brew-build units-2.22-6.fc39 --base-config=fedora-39-x86_64 --base-brew-build units-2.21-5.fc37</code> | ||
* <code>diff-build</code> performs a differntial scan with the downstream patches: <code>osh-cli diff-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code> | * <code>diff-build</code> performs a differntial scan with the downstream patches: <code>osh-cli diff-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39</code> | ||
* SRPMs built locally can be scanned through: <code>osh-cli mock-build --config="<config name>" <path to SRPM></code> | * SRPMs built locally can be scanned through: <code>osh-cli mock-build --config="<config name>" <path to SRPM></code> | ||
* A more verbose log of the compiler output can be seen through executing `csgrep` command on the raw output. For example, `curl -s 'https://openscanhub.fedoraproject.org/task/16/log/added.js?format=raw' | csgrep`. `csgrep` command can be installed through: `dnf install -y csdiff`. | |||
=== Related Links === | === Related Links === |
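Review bot: in the `diff-build` bullet the new revision still reads "differntial", so a change summarised as "Fix typos" leaves one typo behind; correct it to "differential". The added Kerberos sentence also says login "would require" `dns_canonicalize_hostname = false` in `/etc/krb5.conf` without naming the section; stating that the setting belongs under `[libdefaults]` would save readers a lookup.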
Latest revision as of 15:14, 6 August 2024
OpenScanHub
OpenScanHub is a service that runs various static analyzers on RPM packages. OpenScanHub by default uses Cppcheck, ShellCheck, the static analyzers embedded in GCC and Clang, and the find-unicode-control tool. Other tools for static (and dynamic) analysis can be enabled on demand while submitting an OpenScanHub task.
How to use it?
This service can be accessed at openscanhub.fedoraproject.org. The easiest way to run an OpenScanHub scan is to submit it through the create new scan form (https://openscanhub.fedoraproject.org/scan/new/). You need to log in by clicking the `krb5login` link before submitting the scan. See the examples section for how to obtain a Kerberos ticket.
Alternatively, you can install the command line client by running: `dnf install -y osh-client`.
Examples:
You need a valid Kerberos ticket to run these commands. It can be obtained by running `kinit <FAS_USERNAME>@FEDORAPROJECT.ORG`. Kerberos login requires `dns_canonicalize_hostname = false` in `/etc/krb5.conf`. Related documentation can be found at Kerberos#Extra_info_for_Infrastructure_people (https://fedoraproject.org/wiki/Infrastructure/Kerberos#Extra_info_for_Infrastructure_people).
- `mock-build` performs a full scan on the package: `osh-cli mock-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39`
- `version-diff-build` performs a differential scan between two different versions of packages: `osh-cli version-diff-build --config=fedora-39-x86_64 --brew-build units-2.22-6.fc39 --base-config=fedora-39-x86_64 --base-brew-build units-2.21-5.fc37`
- `diff-build` performs a differential scan with the downstream patches: `osh-cli diff-build --config="fedora-39-x86_64" --nvr units-2.22-6.fc39`
- SRPMs built locally can be scanned through: `osh-cli mock-build --config="<config name>" <path to SRPM>`
- A more verbose log of the compiler output can be seen by running the `csgrep` command on the raw output. For example, `curl -s 'https://openscanhub.fedoraproject.org/task/16/log/added.js?format=raw' | csgrep`. The `csgrep` command can be installed through: `dnf install -y csdiff`.
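A preflight wrapper for the Kerberos prerequisites described above, as an added example that is not part of the wiki page or the OpenScanHub project. The function names `krb5_canon_disabled` and `osh_scan` are hypothetical; the example assumes the setting lives in the `[libdefaults]` section, reads only the first assignment it finds, and does not follow `include`/`includedir` directives.

```shell
#!/bin/sh
# Added example: check the Kerberos prerequisites before submitting a scan.

# krb5_canon_disabled FILE
# Exit 0 if [libdefaults] in FILE sets dns_canonicalize_hostname to a
# false value, 1 otherwise (missing, commented out, or in another section).
krb5_canon_disabled() {
    awk '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        /^[ \t]*\[/ {                       # section header, e.g. [libdefaults]
            sec = $0
            sub(/^[ \t]*\[/, "", sec)
            sub(/\].*$/, "", sec)
            next
        }
        sec == "libdefaults" {
            split($0, kv, "=")
            key = kv[1]; val = tolower(kv[2])
            gsub(/[ \t]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (key == "dns_canonicalize_hostname") {
                found = 1
                # spellings krb5 accepts for a false boolean
                ok = (val ~ /^(false|no|off|0|n|nil)$/)
                exit                        # first assignment only (assumption)
            }
        }
        END { exit !(found && ok) }
    ' "$1"
}

# osh_scan NVR CONFIG [KRB5_CONF]
# Run the mock-build scan from the examples only when both preconditions hold.
osh_scan() {
    conf=${3:-/etc/krb5.conf}
    if ! krb5_canon_disabled "$conf"; then
        echo "set dns_canonicalize_hostname = false in [libdefaults] of $conf" >&2
        return 2
    fi
    if ! klist -s; then                     # -s: silent, exit status only
        echo "no valid Kerberos ticket; run kinit <FAS_USERNAME>@FEDORAPROJECT.ORG" >&2
        return 3
    fi
    osh-cli mock-build --config="$2" --nvr "$1"
}

# Usage (values taken from the examples above):
#   osh_scan units-2.22-6.fc39 fedora-39-x86_64
```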
Related Links
- GitHub - https://github.com/openscanhub/openscanhub
- Developer documentation - https://github.com/openscanhub/openscanhub/blob/main/docs/development.md
- Homepage - https://openscanhub.dev/
- Mailing list - https://lists.fedoraproject.org/archives/list/openscanhub@lists.fedoraproject.org/