doc: add info on project's usage of coverity

Document project's used of coverity and how collaborators can get access. Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: https://github.com/nodejs/node/pull/40506 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
2024-11-21 10:59:27 +00:00 · 2021-10-18 17:18:29 -04:00 · 2021-10-18 17:18:29 -04:00 · 9ebdba49c7
commit 9ebdba49c7
parent 7c2b4906fa
3 changed files with 22 additions and 0 deletions
--- a/doc/guides/offboarding.md
+++ b/doc/guides/offboarding.md
@ -12,3 +12,6 @@ emeritus or leaves the project.
    a team listing. For example, if someone is removed from @nodejs/build,
    they should also be removed from the Build WG README.md file in the
    <https://github.com/nodejs/build> repository.
+* Open an issue in the [build](https://github.com/nodejs/build) repository
+  titled `Remove Collaborator from Coverity` asking that the collaborator
+  be removed from the Node.js coverity project if they had access.
--- a/doc/guides/static-analysis.md
+++ b/doc/guides/static-analysis.md
@ -0,0 +1,16 @@
+# Static Analysis
+
+The project uses Coverity to scan Node.js source code and to report potential
+issues in the C/C++ code base.
+
+Those who have been added to the Node.js coverity project can receive emails
+when there are new issues reported as well as view all current issues
+through [https://scan9.coverity.com/reports.htm](https://scan9.coverity.com/reports.htm).
+
+Any collaborator can ask to be added to the Node.js coverity project
+by opening an issue in the [build](https://github.com/nodejs/build) repository
+titled `Please add me to coverity`. A member of the build WG with admin
+access will verify that the requestor is an existing collaborator as listed in
+the [colloborators section](https://github.com/nodejs/node#collaborators)
+on the nodejs/node project repo. Once validated the requestor will added
+to to the coverity project.
--- a/onboarding.md
+++ b/onboarding.md
@ -249,6 +249,8 @@ needs to be pointed out separately during the onboarding.
  project. The Foundation has travel funds to cover participants' expenses
  including accommodations, transportation, visa fees, etc. if needed. Check out
  the [summit](https://github.com/nodejs/summit) repository for details.
+* If you are interested in helping to fix coverity reports consider requesting
+  access to the projects coverity project as outlined in [static-analysis][].

 [Code of Conduct]: https://github.com/nodejs/admin/blob/HEAD/CODE_OF_CONDUCT.md
 [Labels]: doc/guides/collaborator-guide.md#labels
@ -259,6 +261,7 @@ needs to be pointed out separately during the onboarding.
 [`git-node`]: https://github.com/nodejs/node-core-utils/blob/HEAD/docs/git-node.md
 [`node-core-utils`]: https://github.com/nodejs/node-core-utils
 [set up the credentials]: https://github.com/nodejs/node-core-utils#setting-up-github-credentials
+[static-analysis]: doc/guides/static-analysis.md
 [two-factor authentication]: https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
 [using a TOTP mobile app]: https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app/
 [who-to-cc]: doc/guides/collaborator-guide.md#who-to-cc-in-the-issue-tracker