Hi Kostiantyn,

The Coverity tool for TF-M is not fully configured and the work is in progress in tf.org.

The current configuration you can find here:

https://git.trustedfirmware.org/ci/tf-m-ci-scripts.git/tree/coverity

Being incomplete, the scan results are not used or published. Anyway, the output is on Coverity site https://scan.coverity.com/

under “Trusted Firmware-M” project. It will require a sign-up and authorization.

Hope it helps,

Anton

From: Kostiantyn.Tkachov--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Thursday, February 17, 2022 11:17 PM
To: tf-m@lists.trustedfirmware.org
Cc: Roman.Mazurak@infineon.com
Subject: [TF-M] TF-M covertly results and configs to align our coverity environment to TF-M project CI

Hi colleagues!

Could we get a list of MISRA/CERT-C violations that were found by tf-m Coverity CI, as example from https://ci.trustedfirmware.org/job/tf-m-coverity/lastSuccessfulBuild/

Also (if it possible), could you provide Coverity configs to help align this tool setup on our side to CI and to check all changes before any pool requests?

Best regards,

Kostiantyn Tkachov

Cypress Semiconductor Ukraine

Firmware Security