Add coverity

.github/workflows/static_analysis.yml

@@ -0,0 +1,63 @@
+---
+  name: Coverity Static Analysis
+  on: [pull_request]
+  jobs:
+    polaris-scan:
+      name: Polaris Coverity Static Analysis
+      permissions:
+        packages: write
+      runs-on: ubuntu-latest
+      env:
+        VCPKG_NUGET_USER: ${{secrets.VCPKG_NUGET_USER || github.repository_owner}}
+        VCPKG_NUGET_TOKEN: ${{secrets.VCPKG_NUGET_TOKEN || secrets.GITHUB_TOKEN}}
+      steps:
+        - name: Get number of CPU cores
+          uses: SimenB/github-actions-cpu-cores@v2.0.0
+          id: cpu-cores
+
+        - name: Checkout Source
+          uses: actions/checkout@v4
+          with:
+            submodules: recursive
+            fetch-depth: 0
+
+        - name: Setup build dependencies
+          run: |
+            sudo apt-get update
+            sudo apt-get install -y gcc-10 g++-10 make mono-complete libkrb5-dev libsasl2-dev
+
+        - name: Setup VCPKG cache
+          run: |
+            . build_tooling/vcpkg_caching.sh
+            echo -e "VCPKG_BINARY_SOURCES=$VCPKG_BINARY_SOURCES
+            VCPKG_ROOT=$PLATFORM_VCPKG_ROOT" | tee -a $GITHUB_ENV
+
+        - name: Get CMake
+          uses: lukka/get-cmake@latest
+
+        - name: CMake configure
+          uses: lukka/run-cmake@v10.8
+          with:
+            cmakeListsTxtPath: ${{github.workspace}}/cpp/CMakeLists.txt
+            configurePreset: linux-debug
+            configurePresetAdditionalArgs: "['-DVCPKG_INSTALL_OPTIONS=--clean-after-build', '-DCMAKE_C_COMPILER=gcc-10', '-DCMAKE_CXX_COMPILER=g++-10']"
+
+        - name: Polaris PR Scan
+          uses: synopsys-sig/synopsys-action@v1.13.0
+          with:
+            polaris_server_url: ${{ vars.POLARIS_SERVER_URL }}
+            polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+            polaris_application_name: "ArcticDB"
+            polaris_project_name: "ArcticDB-core"
+            polaris_assessment_types: "SAST"
+            polaris_prComment_enabled: true
+            polaris_waitForScan: true
+            coverity_build_command: make -j ${{ steps.cpu-cores.outputs.count }}
+            coverity_clean_command: make clean
+            github_token: ${{ secrets.POLARIS_GITHUB_TOKEN }}
+            project_directory: ${{github.workspace}}/cpp/out/linux-debug-build
+            include_diagnostics: true
+            polaris_reports_sarif_create: true
+            polaris_reports_sarif_groupSCAIssues: true
+            polaris_upload_sarif_report: true
+            polaris_prComment_severities: "high,critical,medium,low"

cpp/arcticdb/CMakeLists.txt

@@ -387,6 +387,10 @@ set(arcticdb_srcs
         version/version_store_objects.hpp
         version/version_utils.hpp
         # CPP files
+
+        # TODO: Remove used only to test Coverity PR comments
+        test_coverity_pr_comments.cpp
+
         async/async_store.cpp
         async/bit_rate_stats.cpp
         async/task_scheduler.cpp
@@ -998,9 +1002,6 @@ if(${TEST})
                 GTest::gtest
                 GTest::gmock
                 Python::Python # + pybind11::pybind11 (transitively included) = pybind11::embed, but latter is sometimes not found...
-                curl
-                krb5support
-                k5crypto
                 util # TODO: find out where we lost the transitive link to it
                 )
         if(NOT APPLE)

cpp/arcticdb/test_coverity_pr_comments.cpp

@@ -0,0 +1,20 @@
+#include <vector>
+#include <iostream>
+
+void my_function_with_errors() {
+	{
+		std::vector<int> a = { 1, 2, 3 };
+		auto b = std::move(a);
+
+		// Use after move
+		std::cout << a.size();
+	}
+
+	{
+		int* b = new int(5);
+		delete b;
+
+		// Use after free
+		std::cout << *b;
+	}
+}