Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you do not see the email in your inbox, please check if it is filtered to one of the following folders:

  • Promotion
  • Updates
  • Spam

Webinar: Evaluation - 05.12

>
>
Running PVS-Studio in GitLab CI/CD
menu mobile close menu
Analyzer diagnostics
General Analysis (C++)
General Analysis (C#)
General Analysis (Java)
Micro-Optimizations (C++)
Diagnosis of 64-bit errors (Viva64, C++)
Customer specific requests (C++)
MISRA errors
AUTOSAR errors
OWASP errors (C++)
OWASP errors (C#)
Problems related to code analyzer
Additional information
toggle menu Contents

Running PVS-Studio in GitLab CI/CD

Apr 06 2021

Running PVS-Studio in GitLab CI/CD

GitLab is an online service designed to manage repositories. You can register an account and use GitLab's official website. Alternatively, you can install and deploy GitLab on your server.

This documentation describes an example of the PVS-Studio integration for analyzing C and C++ code. The commands to run PVS-Studio for analyzing C# or Java code will be different. Please consult the following documentation sections: "Analyzing Visual Studio / MSBuild / .NET projects from the command line using PVS-Studio" and "Direct use of Java analyzer from command line".

When starting a task, GitLab CI uses instructions from the '.gitlab-ci.yml' file. There are two ways to add this file: you can create it in a local repository and upload it to the website, or click the 'Set up CI/CD' button to add it. For this tutorial, use the second option:

GitLab/image1.png

Write a sample script:

image: debian
job:
  script:

Download the analyzer and the 'sendemail' utility:

- apt-get update && apt-get -y install wget gnupg 
- wget -O - https://files.pvs-studio.com/etc/pubkey.txt | apt-key add - 
- wget -O /etc/apt/sources.list.d/viva64.list
  https://files.pvs-studio.com/etc/viva64.list
- apt-get update && apt-get -y install pvs-studio
  sendemail

Next, install build utilities and dependencies. Refer to this OBS build as an example:

- apt-get -y install build-essential cmake  
  make pkg-config libx11-dev libgl1-mesa-dev 
  libpulse-dev libxcomposite-dev 
  libxinerama-dev libv4l-dev libudev-dev libfreetype6-dev 
  libfontconfig-dev qtbase5-dev 
  libqt5x11extras5-dev libx264-dev libxcb-xinerama0-dev 
  libxcb-shm0-dev libjack-jackd2-dev libcurl4-openssl-dev 
  libavcodec-dev libqt5svg5 libavfilter-dev 
  libavdevice-dev libsdl2-dev ffmpeg
  qt5-default qtscript5-dev libssl-dev 
  qttools5-dev qttools5-dev-tools qtmultimedia5-dev 
  libqt5svg5-dev libqt5webkit5-dev  libasound2 
  libxmu-dev libxi-dev freeglut3-dev libasound2-dev 
  libjack-jackd2-dev libxrandr-dev libqt5xmlpatterns5-dev 
  libqt5xmlpatterns5 coccinelle parallel
  libapparmor-dev libcap-dev libseccomp-dev
  python3-dev python3-setuptools docbook2x
  libgnutls28-dev libselinux1-dev linux-libc-dev
  libtool autotools-dev 
  libio-socket-ssl-perl 
  libnet-ssleay-perl ca-certificates

Create an analyzer license file. By default, the 'PVS-Studio.lic' file is created in the '~/.config/PVS-Studio' directory by default. In this case, you do not need to specify the license file in the analyzer startup settings. The analyzer will recognize it automatically:

- pvs-studio-analyzer credentials $PVS_NAME $PVS_KEY

Here, 'PVS_NAME' and 'PVS_KEY' are variables for the PVS-Studio username and license key. You can specify these values in the repository settings. To set these values, go to 'Settings -> CI/CD -> Variables'.

GitLab/image3.png

Call the 'cmake' command to build the project:

- cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=On /builds/Stolyarrrov/obscheck/
- make -j4

Then start the analyzer:

- pvs-studio-analyzer analyze -o PVS-Studio.log

The analyzer will issue 'PVS-Studio.log' file with raw analysis results. Use the 'plog-converter' utility to convert them into an easy-to-read format.

For example, convert the report to html:

- plog-converter -t html PVS-Studio.log -o PVS-Studio.html

To download the report, you can use artifacts. Alternatively, you can email the report. The code below demonstrates how to do this. Use the 'sendemail' utility:

- sendemail -t $MAIL_TO
  -m "PVS-Studio report, commit:$CI_COMMIT_SHORT_SHA"
  -s $GMAIL_PORT
  -o tls=auto
  -f $MAIL_FROM 
  -xu $MAIL_FROM 
  -xp $MAIL_FROM_PASS 
  -a PVS-Studio.log PVS-Studio.html

The complete '.gitlab-ci.yml' listing:

image: debian
job:
  script:
    - apt-get update && apt-get -y install wget gnupg 
    - wget -O - https://files.pvs-studio.com/etc/pubkey.txt | apt-key add - 
    - wget -O /etc/apt/sources.list.d/viva64.list 
      https://files.pvs-studio.com/etc/viva64.list
    - apt-get update && apt-get -y install pvs-studio
      sendemail
    - apt-get -y install build-essential cmake  
      pkg-config libx11-dev libgl1-mesa-dev 
      libpulse-dev libxcomposite-dev 
      libxinerama-dev libv4l-dev libudev-dev libfreetype6-dev 
      libfontconfig-dev qtbase5-dev 
      libqt5x11extras5-dev libx264-dev libxcb-xinerama0-dev 
      libxcb-shm0-dev libjack-jackd2-dev libcurl4-openssl-dev 
      libavcodec-dev libqt5svg5 libavfilter-dev 
      libavdevice-dev libsdl2-dev ffmpeg
      qt5-default qtscript5-dev libssl-dev 
      qttools5-dev qttools5-dev-tools qtmultimedia5-dev 
      libqt5svg5-dev libqt5webkit5-dev  libasound2 
      libxmu-dev libxi-dev freeglut3-dev libasound2-dev 
      libjack-jackd2-dev libxrandr-dev libqt5xmlpatterns5-dev 
      libqt5xmlpatterns5 coccinelle parallel
      libapparmor-dev libcap-dev libseccomp-dev
      python3-dev python3-setuptools docbook2x
      libgnutls28-dev libselinux1-dev linux-libc-dev
      libtool autotools-dev 
      make libio-socket-ssl-perl 
      libnet-ssleay-perl ca-certificates
    - pvs-studio-analyzer credentials $PVS_NAME $PVS_KEY
    - cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=On /builds/Stolyarrrov/obscheck/
    - make -j4
    - pvs-studio-analyzer analyze -o PVS-Studio.log 
    - plog-converter -t html PVS-Studio.log -o PVS-Studio.html
    - sendemail -t $MAIL_TO
      -m "PVS-Studio report, commit:$CI_COMMIT_SHORT_SHA"
      -s $GMAIL_PORT
      -o tls=auto
      -f $MAIL_FROM 
      -xu $MAIL_FROM 
      -xp $MAIL_FROM_PASS 
      -a PVS-Studio.log PVS-Studio.html

Click the 'commit' button. If you did everything correctly, you will see the "This GitLab CI configuration is valid" entry. To track the task's progress, go to the 'CI/CD -> Pipelines'.

GitLab/image5.png

You can click the 'running' button to see the terminal of the virtual machine that runs the specified build and analysis script. After a while you will get the 'Job succeeded' message.

GitLab/image6.png

Converting analysis results into a Code Quality report

To convert the PVS-Studio analysis results into a Code Quality report, use the Plog Converter utility.

To make sure that paths to the source files in the report are displayed correctly, use the ‑‑sourcetree-root (-r) flag when running the analysis. Below is the command to run the analysis:

- pvs-studio-analyzer analyze -r "path/to/build/project" -o PVS-Studio.log

The conversion command:

- plog-converter -t gitlab -o PVS-Studio.log.gitlab.json PVS-Studio.log

For tasks on Windows, use the following command:

- PlogConverter.exe -t GitLab -o .\ PVS-Studio.plog

After the report is generated, save it as an artifact. To do this, add the step written below to the '.gitlab-ci.yml' configurational file:

artifacts:
    reports:
        codequality: [./PVS-Studio.log.gitlab.json]

As a result, the analyzer warnings will appear in the Code Quality tab.