The document discusses configuring the PVS-Studio static code analyzer on the Azure DevOps cloud platform. It provides steps to integrate the analyzer using both Microsoft-hosted and self-hosted agents. Examples of bugs found by the analyzer in the ShareX project are presented, including redundant checks, incorrect assumptions, and a bug in pixelation logic that causes transparency issues. The pixelation bug demonstration highlights how visualizing issues can aid understanding.
Use Docker to Deliver Cognitive Services Running Cross Platform and Multi Clo...
Docker, Inc.
Watson developer cloud delivers Watson Cognitive services as micro services on the cloud that are being used by many IBM Watson customers. The micro services were packaged in ova at the first release. There were some drawbacks in ova deployment in the cloud. We gradually switched to use docker. As a result, the service deployment time and start up time are significantly improved. It also greatly simplified our continuous delivery process since our services run on both Intel and Power platform and we have offerings on our public cloud, dedicated cloud as well as customers’ on premise cloud. With minimal deployment time and quick startup time, Docker makes our dynamic creation of service instance on the fly per customer request possible.
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...
Janusz Nowak
Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anything to Anywhere with Azure DevOps
Janusz Nowak
@jnowwwak
https://www.linkedin.com/in/janono
https://github.com/janusznowak
https://blog.janono.pl
Mihai Criveti - PyCon Ireland - Automate Everything
Mihai Criveti
PyCon Ireland - Python DevOps flows with Ansible, Packer & Kubernetes - Mihai Criveti
https://www.youtube.com/watch?v=lO884XAdddQ
1 Packer: Image Build Automation
2 OpenSCAP: Automate Security Baselines
3 Ansible: Provisioning and Configuration Management
4 Molecule: Test your Ansible Playbooks on Docker, Vagrant or Cloud
5 Vagrant: Test images with vagrant
6 Package Python Applications with setuptools
7 Kubernetes: Container Orchestration at Scale
8 DevOps Culture and Practice
The document discusses Jenkins workflow and continuous delivery using Jenkins. It describes early Jenkins jobs and techniques for job chaining. Existing plugins for copying artifacts and parameterized triggering are noted but do not survive restarts. The characteristics of workflows that are complex, non-sequential, long-running, involve human interaction and are restartable are outlined. Jenkins workflow is described as being based on Groovy, capturing the entire workflow definition, using familiar control flows and supporting multiple stages, integrated human input, and standard project concepts.
Pimp your Continuous Delivery Pipeline with Jenkins workflow (W-JAX 14)
CloudBees
Continuous delivery pipelines are, by definition, workflows with parallel job executions, join points, retries of jobs (Selenium tests are fragile) and manual steps (validation by a QA team). Come and discover how the new workflow engine of Jenkins CI and its Groovy-based DSL will give another dimension to your continuous delivery pipelines and greatly simplify your life.
Sample workflow groovy script used in this presentation: https://gist.github.com/cyrille-leclerc/796085e19d9cec4a71ef
Jenkins workflow syntax reference card: https://github.com/cyrille-leclerc/workflow-plugin/blob/master/SYNTAX-REFERENCE-CARD.md
Building Developer Pipelines with PKS, Harbor, Clair, and Concourse
VMware Tanzu
SpringOne Platform 2017
Thomas Kraus, VMware; Merlin Glynn, VMware
Today's developer needs to rapidly build and deploy code in a consistent, predictable, and declarative manner. This session will illustrate how companies can leverage PKS, Kubernetes, Harbor, Clair, and Concourse to achieve these goals. The session will provide a solution overview for developing, building, and deploying applications using Container technologies from VMware and Pivotal. A brief review of each of the technologies being discussed will be provided. The session will include a proposed end to end solution leveraging all of these technologies to provide a better developer experience. The session will conclude with a demonstration illustrating a development workflow leveraging these technologies to initially develop and then update an Application running on PKS and Kubernetes.
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Docker, Inc.
Micro Focus uses Docker Hub at scale to support its software delivery and deployment model. Some key points:
- Docker Hub is used as the registry service for Micro Focus container images
- It allows for optimized, secure, reliable and cost-effective software delivery through deployments and updates of container images to customers and partners
- Micro Focus leverages features like private repositories, offline/online access, signing and scanning of images, and integration with CI/CD pipelines
- Over 1,650 organizations, 450 repositories, and 18 teams are used on Docker Hub to manage access and deliver software from Micro Focus
Demo of how to dockerise and deploy your microservices application to the test environment, how to run selenium tests inside docker and how to put this all together to integrate your tests in your CI/CD pipeline using Jenkins.
Presented at ATA GTR 2016 in Pune.
PuppetConf 2016: Keynote: Pulling the Strings to Containerize Your Life - Sco...
Puppet
Scott Coulton is a Platform Engineering Lead at Autopilot who discusses how his company used Docker and Puppet to improve their CI/CD processes and speed up deployments to production while maintaining compliance. He explains how they had development teams deploy themselves by treating infrastructure as code that is automated, built, and tested. This allowed them to break down barriers and usher in a new wave of infrastructure development. Puppet was used for configuration management to containerize systems and help spread DevOps practices to other teams.
This document discusses how Jenkins can be used to integrate with Git and Docker. It describes how Jenkins supports advanced Git integration through various plugins that help manage interactions with Git repositories. It also explains how Jenkins can be used to both manage Docker resources and build Docker images through available plugins. The document includes demonstrations of these capabilities.
This document discusses dockerizing an e-learning application called Avendoo. It provides an overview of Avendoo and why Docker was used. Key points include:
1. Avendoo is an application for managing and publishing e-trainings that was developed externally and customized for Haufe Akademie.
2. Docker was implemented to containerize and deploy Avendoo across different environments like development, testing, staging and production in a standardized way.
3. The Docker implementation uses a factory pattern with Dockerfiles, images and volumes to build, test and deploy Avendoo and its dependencies to new virtual machines created with Docker Machine.
Developer Experience Cloud Native - Become Efficient and Achieve Parity
Michael Hofmann
Efficient cloud development involves more than fast deployment of services to the cloud. Smooth development and debugging of services directly in the cloud also increases efficiency. In addition, the development environment should be as identical as possible to the production environment. The 12-Factor App list has long recommended this in point 10: "Dev/prod parity".
This session presents a selection of open-source tools that help a Java developer achieve the following goals: fast and synchronous deployment (Skaffold), development and debugging in the Kubernetes pod (OpenLiberty with Ksync, Quarkus Live Coding), and extending the Kubernetes perimeter for local development (telepresence or Bridge to Kubernetes). The accompanying demos in this session illustrate how easy these tools are to use.
Slides from DockerCon SF 2015 –
Docker at Lyft: Speeding up development w/ Matthew Leventi
Talk description: Learn how Docker enables Lyft to increase developer productivity across our engineering organization. We'll go through a local development model that decreases our developer onboard time, and keeps our teams focused on delivering product goals. We'll also talk about how we use Docker to test changes to our servers and allow QA testing of our mobile clients. You'll come out of the talk with techniques and reasons for integrating docker not just in the cloud but also onto developer's laptops.
Some tools such as Chef and Jenkins are used by engineers in ops to great effect. Rarely though, a technology brings a paradigm to the masses.
Docker, like cloud virtualization, is of this more rare breed.
The document provides an overview of continuous integration and continuous delivery practices. It discusses continuous integration, which involves integrating code changes frequently and verifying them through automated builds and tests. Continuous delivery is described as building software in a way that allows release to production at any time, while continuous deployment means any change is automatically deployed to production. Jenkins, an open source automation server, is introduced as a tool that enables continuous integration and deployment through jobs, credentials, scheduling, build steps, and post-build actions. Pipelines in Jenkins are discussed as dividing deployment into stages to provide quick feedback. The Blue Ocean plugin is highlighted as providing a simplified user interface for Jenkins pipelines.
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019
kanedafromparis
This document discusses Kubernetes application lifecycle management with a focus on patch management. It begins with a reminder about Docker concepts like namespaces, containers, images and layers. It then provides a brief introduction to Kubernetes, discussing pods, services, deployments and replicasets. The document notes that failures can be quickly fixed during development, but patches are less frequent for production applications. It discusses tools for scanning for Common Vulnerabilities and Exposures (CVEs) and automating updates. Finally, it mentions some difficulties encountered with patching and proposed organizational solutions.
A hands-on workshop that covers 18 best practices in 4 categories or in other words ✅️ Dos & Don'ts.
After a general introduction, we will have a look at the essential practices (aka must do), then move to the image practices, then we will go through the security practices, and finally, some general practices.
Please note, this workshop assumes that you have a basic knowledge of Docker.
Hands-on repo:
https://github.com/aabouzaid/docker-best-practices-workshop
SD DevOps Meet-up - Jenkins 2.0 and Pipeline-as-Code
Brian Dawson
This is a presentation given at the March 16th San Diego DevOps Meet-up covering some of the upcoming activities around Jenkins 2.0 and the Pipeline plugins which provide for Pipeline-as-Code and enable Jenkins with 1st class pipelines and stages.
This document discusses using Azure DevOps for open source projects. It mentions Mohit Chhabra as the author and includes his email and Twitter handle. It also includes links to the Puppet Labs and IT Pro Guy websites, which contain articles about DevOps practices such as testing in production, fault injection, and usage monitoring. The document promotes a happy DevOps cycle between development and operations.
>>> View this presentation online at http://github-service-universe.kimminich.de/ <<<
PDF version of the slide deck for my JavaLand 2015 talk "All-round careful Software Development with GitHub Services"
Tools for unit testing, building applications, analyzing software quality and planning release scopes are an essential aspect of modern software development. With GitHub and "pluggable" external services there are lots of options to move these aspects into "the Cloud". For open source projects this is a viable alternative to on-premise solutions. In this talk I will present and demonstrate the CI lifecycle of some of my recent projects hosted on GitHub where I tried to integrate modern tools (e.g. Gradle, npm, bower) and external services (e.g. Travis-CI, Code Climate, Coveralls, HuBoard, AmazonSNS, NMA). The benefits and limitations of those services will be honestly illuminated. I am not affiliated with any of the providers mentioned, so this talk will not end up as a marketing show! Instead, the audience is supposed to go out of this talk with some new things to try out with their own GitHub projects while hopefully being able to avoid some of the ramp-up difficulties.
Portable infrastructure with Puppet can be achieved through Puppet, an open source automation platform created by Puppet Labs to configure and manage infrastructure. Puppet provides a high-level language and reusable modules to standardize infrastructure and reduce maintenance costs. Puppet Labs is working to improve Puppet's performance, features, and usability while expanding its capabilities for infrastructure management and code sharing through new services like the Puppet Forge module repository. The goal is to enable collaboration and reuse of Puppet configurations across organizations through portable modules and tools.
I have evidence that using git and GitHub for documentation and community doc techniques can give us 300 doc changes in a month. I’ve bet my career on these methods and I want to share with you.
Analyze This! CloudBees Jenkins Cluster Operations and Analytics
CloudBees
More and more organizations are jumping on the Continuous Delivery bandwagon to remain competitive. As they do so, they use Jenkins to on-board teams and to orchestrate their continuous delivery pipelines.
Jenkins Operations Center by CloudBees is the tool that helps organizations run their CI infrastructure at scale.
In this webinar, you will learn about:
* Reference architecture to build resilient Jenkins that onboard teams quickly
* Cluster Operations - helps to manage multiple Jenkins instances simultaneously.
* Want to install a new plugin on 4 Jenkins masters? We got that covered!
* CloudBees Analytics - offers insight into build and performance analytics.
* Want to know the number of jobs failing across 4 masters - we've got that covered too!
Cloud Foundry Summit 2015: Managing Multiple Cloud with a Single BOSH Deploym...
VMware Tanzu
Speakers: Alexander Lomov and Alan Moran, Altoros
To learn more about Pivotal Cloud Foundry, visit http://www.pivotal.io/platform-as-a-service/pivotal-cloud-foundry.
This document discusses Infrastructure as Code (IaC) and how Ansible can be used to implement IaC. It defines IaC, explains the benefits such as cost reduction, speed, and risk removal. It also covers IaC approaches, methods, idempotence, best practices, and provides an Ansible demo.
PVS-Studio and Continuous Integration: TeamCity. Analysis of the Open RollerC...
Andrey Karpov
One of the most relevant scenarios for using the PVS-Studio analyzer is its integration into CI systems. Even though a project analysis by PVS-Studio can already be embedded with just a few commands into almost any continuous integration system, we continue to make this process even more convenient. PVS-Studio now supports converting the analyzer output to the TeamCity format-TeamCity Inspections Type. Let's see how it works.
PVS-Studio: analyzing pull requests in Azure DevOps using self-hosted agents
Andrey Karpov
Static code analysis is most effective when changing a project, as errors are always more difficult to fix in the future than at an early stage. We continue expanding the options for using PVS-Studio in continuous development systems. This time, we'll show you how to configure pull request analysis using self-hosted agents in Microsoft Azure DevOps, using the example of the Minetest game.
We continue checking Microsoft projects: analysis of PowerShell
PVS-Studio
It has become a "good tradition" for Microsoft to make their products open-source: CoreFX, .Net Compiler Platform (Roslyn), Code Contracts, MSBuild, and other projects. For us, the developers of PVS-Studio analyzer, it's an opportunity to check well-known projects, tell people (including the project authors themselves) about the bugs we find, and additionally test our analyzer. Today we are going to talk about the errors found in another project by Microsoft, PowerShell.
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsAndrey Karpov
The document discusses integrating the PVS-Studio static code analyzer with Azure DevOps and Chocolatey. It provides steps to configure a build pipeline in Azure DevOps to install PVS-Studio using Chocolatey, run analysis on a project, and publish the results. The analysis found several potential bugs in the Chocolatey code including logical errors, redundant checks, and null reference issues. Integrating PVS-Studio with these tools helps improve code quality.
Analysis of merge requests in GitLab using PVS-Studio for C#Andrey Karpov
Do you like GitLab and don't like bugs? Do you want to improve the quality of your source code? Then you've come to the right place. Today we will tell you how to configure the PVS-Studio C# analyzer for checking merge requests. Enjoy the reading and have a nice unicorn mood.
The Chromium browser is developing very fast. When we checked the solution for the first time in 2011, it included 473 projects. Now it includes 1169 projects. We were curious to know if Google developers had managed to keep the highest quality of their code with Chromium developing at such a fast rate. Well, they had.
Orchard is a free, open source, community-focused Content Management System built on the ASP.NET MVC platform. Software IP management and project development governance are provided by Outercurve Foundation, a nonprofit fund.
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...Andrey Karpov
Starting from the version 7.04, the PVS-Studio analyzer for C and C++ languages on Linux and macOS provides the test feature of checking the list of specified files. Using the new mode, you can configure the analyzer to check commits and pull requests. This article covers setting up the check of certain modified files from a GitHub project in such popular CI (Continuous Integration) systems, as Travis CI, Buddy and AppVeyor.
An important event has taken place in the PVS-Studio analyzer's life: support of C#-code analysis was added in the latest version. As one of its developers, I couldn't but try it on some project. Reading about scanning small and little-known projects is not much interesting of course, so it had to be something popular, and I picked MonoDevelop.
Static Analysis: From Getting Started to IntegrationAndrey Karpov
Sometimes, tired of endless code review and debugging, you start wondering if there are ways to make your life easier. After some googling or merely by accident, you stumble upon the phrase, "static analysis". Let's find out what it is and how it can be used in your project.
The document discusses Visual Studio's live static code analysis feature. It explains that this feature analyzes code in real-time as it is written, without requiring compilation, to detect errors and potential issues based on installed code analyzers. The document demonstrates how to install and use code analyzers through examples, showing how analyzers detect issues and provide suggestions to fix problems directly in the code editor through light bulb notifications. It provides a case study walking through fixing various issues detected in sample code using suggestions from an analyzer to iteratively improve the code quality.
Continuous Integration using Cruise Controlelliando dias
The document discusses Continuous Integration using Cruise Control. It defines Continuous Integration as integrating source code and running tests after each commit to the source repository to provide near-immediate feedback. Cruise Control runs builds whenever code is committed, allows scheduling nightly builds, and notifies users of build results to simplify release management. While Cruise Control automates the build process, developers must still write the build scripts and unit tests.
Trying to Sell PVS-Studio to Google, or New Bugs in ChromiumAndrey Karpov
Publishing articles about checks of various projects with our tool PVS-Studio usually brings us new customers. It's a fair business: programmers don't like ads but readily response to interesting materials which can be easily checked. That's why we prefer to demonstrate what our tool is capable of rather than directly advertise it. Nevertheless, despite that we checked Chromium three times already and found bugs in it each time, I still haven't received an email with an order request from google.com. I want to figure out what I am doing wrong and why Google would refuse to use PVS-Studio, so I decided to write one more article on this matter.
Linux version of PVS-Studio couldn't help checking CodeLitePVS-Studio
As is already known to our readers, PVS-Studio static analyzer is exploring a new development direction - the Linux platform; as you may have noticed from the previous articles, it is doing well. This article shows how easily you can check a project with the help of the Linux version of the analyzer, because the simpler PVS-Studio for Linux is, the more supporters it will have. This time our choice was the CodeLite project. CodeLite was compiled and tested in Linux. Let's see what results we got.
Analysis of PascalABC.NET using SonarQube plugins: SonarC# and PVS-StudioPVS-Studio
In November 2016, we posted an article about the development and use of the PVS-Studio plugin for SonarQube. We received great feedback from our customers and interested users who requested testing the plugin on a real project. As the interest in this subject is not decreasing, we decided to test the plugin on a C# project PascalABC.NET. Also, it should be borne in mind, that SonarQube have their own static analyzer of C# code - SonarC#. To make the report more complete, we decided to test SonarC# as well. The objective of this work was not the comparison of the analyzers, but the demonstration of the main peculiarities of their interaction with the SonarQube service. Plain comparison of the analyzers would not be fair due to the fact that PVS-Studio is a specialized tool for bug detection and potential vulnerabilities, while SonarQube is a service for the assessment of the code quality by a large number of parameters: code duplication, compliance with the code standards, unit tests coverage, potential bugs in the code, density of comments in the code, technical debt and so on.
At the moment, cloud CI systems are a highly-demanded service. In this article, we'll tell you how to integrate analysis of source code into a CI cloud platform with the tools that are already available in PVS-Studio. As an example we'll use the Travis CI service.
We have checked the Windows 8 Driver Samples pack with our analyzer PVS-Studio and found various bugs in its samples. There is nothing horrible about it - bugs can be found everywhere, so the title of this article may sound a bit high-flown. But these particular errors may be really dangerous, as it is a usual practice for developers to use demo samples as a basis for their own projects or borrow code fragments from them.
At some moment, long ago, we somehow started to cover in our articles any subject but the PVS-Studio tool itself. We told you about the projects we checked and the C++ language's subtle details; we told you how to create plugins in C# or how to launch PVS-Studio from the command line... But PVS-Studio is first of all meant for developers working in Visual Studio. We've done quite a lot to make it easier and more comfortable for them to use our tool. Yet this particular aspect usually stays off screen. Now I decided to improve that and tell you about the PVS-Studio plugin from scratch. If you are a Visual C++ user, this article is for you.
How to Improve Visual C++ 2017 Libraries Using PVS-StudioPVS-Studio
The title of this article is a hint for the Visual Studio developers that they could benefit from the use of PVS-Studio static code analyzer. The article discusses the analysis results of the libraries in the recent Visual C++ 2017 release and gives advice on how to improve them and eliminate the bugs found. Read on to find out how the developers of Visual C++ Libraries shoot themselves in the foot: it's going to be interesting and informative.
Similar to PVS-Studio in the Clouds: Azure DevOps (20)
Здесь вы найдёте 60 вредных советов для программистов и пояснение, почему они вредные. Всё будет одновременно в шутку и серьёзно. Как бы глупо ни смотрелся вредный совет, он не выдуман, а подсмотрен в реальном мире программирования.
In this article, you're going to find 60 terrible coding tips — and explanations of why they are terrible. It's a fun and serious piece at the same time. No matter how terrible these tips look, they aren't fiction, they are real: we saw them all in the real programming world.
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Andrey Karpov
Есть ошибки, которые легко прячутся от программистов на обзорах кода. Чаще всего они связаны с опечатками или недостаточным знанием тонких нюансах языка/библиотеки. Давайте посмотрим интересные примеры таких ошибок и как их можно выявить с помощью статического анализа. При этом анализаторы не конкурируют с обзорами кода или, например, юнит-тестами. Они отлично дополняют другие методологии борьбы с ошибками.
PVS-Studio analyzes source code and finds various errors and code quality issues across multiple languages and frameworks. The document highlights 20 examples of issues found, including uninitialized variables, unreachable code, incorrect operations, security flaws, and typos. PVS-Studio is able to find these issues using techniques such as data-flow analysis, method annotation analysis, symbolic execution, type inference, and pattern-based analysis to precisely evaluate the code and pinpoint potential bugs or code smells.
When should you start using PVS-Studio? What can PVS-Studio detect? Supported standards: MISRA, CWE, CERT, OWASP, AUTOSAR. What about analysis options? What about legacy code?
Двойное освобождение ресурсов. Недостижимый код. Некорректные операции сдвига. Неправильная работа с типами. Опечатки и copy-paste. Проблемы безопасности. Путаница с приоритетом операций.
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Andrey Karpov
George Gribkov presented on how to introduce static analysis to make programmers' and QA engineers' lives easier. Static analysis automatically checks code for bugs without executing it. While initial attempts to analyze Unreal Engine 4 failed, monitoring compiler calls directly succeeded in finding over 1800 warnings. Epic Games now uses continuous static analysis to receive early warnings. The best practices are to start analysis early and regularly in development and CI/CD pipelines, and to gradually fix old warnings using suppression files to ratchet down reported issues over time. Static and dynamic analysis complement each other to thoroughly check for errors.
Best Bugs from Games: Fellow Programmers' MistakesAndrey Karpov
George Gribkov will present on errors found in the code of popular games like System Shock, Doom 3, and osu!. He will discuss how his tool searches for code errors, provide examples of bugs detected, and conclude his presentation. The examples will showcase issues like unused variables, incorrect increment variables in for loops, null pointer dereferences, and misunderstandings of operators like ??. Corrections will be proposed to address the bugs.
Does static analysis need machine learning?Andrey Karpov
This document discusses whether static analysis needs machine learning. It begins with an introduction to static analysis and outlines existing static analysis solutions like DeepCode, Infer, SapFix, Embold, Source{d}, Clever-Commit, and CodeGuru. It then addresses problems with learning manually or from real large code bases, like outdated code and lack of documentation. Finally, it discusses promising approaches like analyzing code style, collecting additional metrics, and best practices for specific frameworks.
Typical errors in code on the example of C++, C#, and JavaAndrey Karpov
Objectives of this webinar
How we detected error patterns
Patterns themselves and how to avoid them:
3.1 Copy-paste and last line effect
3.2 if (A) {...} else if (A)
3.3 Errors in checks
3.4 Array index out of bounds
3.5 Operator precedence
3.6 Typos that are hard to spot
How to use static analysis properly
Conclusion
Q&A
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)Andrey Karpov
How to fight bugs in legacy code?
Should you do it at all?
What to do if there are hundreds or even thousands of errors?(that’s usually the case)
How to avoid spending a plethora of man-hours on this?
And still, how did you work with Unreal Engine?
C++ Code as Seen by a Hypercritical ReviewerAndrey Karpov
We all do code reviews. Who doesn't admit this – does it twice as often. C++ code reviewers look like a sapper. .. except that they can make a mistake more than once. But sometimes the consequences are painful . Brave code review world.
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareAndrey Karpov
The document discusses using static code analysis when teaching or developing open-source software. It outlines how static analysis can help instructors check student homework and projects more efficiently, and help students learn about error patterns. When using static analysis for open-source projects, it recommends integrating it into developers' workflows locally and via continuous integration systems. Regular use is key to maximizing its benefits for finding and fixing bugs.
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
Why Do You Need Static Analysis? Detect errors early in the program development process. Get recommendations on code formatting. Check your spelling. Calculate various software metrics.
Are С and C++ Alive? Even More, IBM RPG Is! C and C++ Are Not Just for Old Systems. Are С and C++ Alive? Summary for C, C++. Embedded: C and С++ Are on the Rise.
Zero, one, two, Freddy's coming for youAndrey Karpov
This post continues the series of articles, which can well be called "horrors for developers". This time it will also touch upon a typical pattern of typos related to the usage of numbers 0, 1, 2. The language you're writing in doesn't really matter: it can be C, C++, C#, or Java. If you're using constants 0, 1, 2 or variables' names contain these numbers, most likely, Freddy will come to visit you at night. Go on, read and don't say we didn't warn you.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
E-commerce Application Development Company.pdfHornet Dynamics
Your business can reach new heights with our assistance as we design solutions that are specifically appropriate for your goals and vision. Our eCommerce application solutions can digitally coordinate all retail operations processes to meet the demands of the marketplace while maintaining business continuity.
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfUndress Baby
The quest for the best AI face swap solution is marked by an amalgamation of technological prowess and artistic finesse, where cutting-edge algorithms seamlessly replace faces in images or videos with striking realism. Leveraging advanced deep learning techniques, the best AI face swap tools meticulously analyze facial features, lighting conditions, and expressions to execute flawless transformations, ensuring natural-looking results that blur the line between reality and illusion, captivating users with their ingenuity and sophistication.
Web:- https://undressbaby.com/
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
PVS-Studio in the Clouds: Azure DevOps
Author: Oleg Andreev, Ilya Gainulin
Date: 13.09.2019
Tags: CSharp, DevOps
This is the second article focusing on the use of the PVS-Studio analyzer in cloud CI systems. This time
we'll consider the Azure DevOps platform, a cloud CI/CD solution from Microsoft. We'll be analyzing the
ShareX project.
We'll need three components. The first is the PVS-Studio analyzer. The second is Azure DevOps, which we'll
integrate the analyzer with. The third is the project that we'll check in order to demonstrate the abilities of
PVS-Studio when working in a cloud. So let's get going.
PVS-Studio is a static code analyzer for finding errors and security defects. The tool supports the analysis of
C, C++ and C# code.
Azure DevOps. The Azure DevOps platform includes such tools as Azure Pipeline, Azure Board, Azure
Artifacts and others that speed up the process of creating software and improve its quality.
ShareX is a free app that lets you capture and record any part of the screen. The project is written in C# and
is well suited to demonstrating how to configure the static analyzer launch. The project source code is
available on GitHub.
The output of the cloc command for the ShareX project:

Language          files    blank    comment    code
C#                  696    20658      24423    102565
MSBuild script       11        1         77    5859
In other words, the project is small, but quite sufficient to demonstrate the work of PVS-Studio together
with the cloud platform.
Let's Start the Configuration
To start working in Azure DevOps, let's follow the link and press "Start free with GitHub".
Give the Microsoft application access to the GitHub account data.
You'll have to create a Microsoft account to complete your registration.
After registration, create a project:
Next, we need to move to "Pipelines" - "Builds" and create a new Build pipeline.
When asked where our code is located, we will answer - GitHub.
Authorize Azure Pipelines and choose the repository with the project, for which we'll configure the static
analyzer's run.
In the template selection window, choose "Starter pipeline."
We can run static code analysis of the project in two ways: using Microsoft-hosted or self-hosted agents.
First, we'll be using Microsoft-hosted agents. Such agents are ordinary virtual machines that launch when
we run our pipeline. They are removed when the task is done. Using such agents saves us the time of
supporting and updating them, but imposes certain restrictions, for example the inability to install
additional software that is used to build a project.
Let's replace the suggested default configuration with the following one for using Microsoft-hosted agents:
# Setting up run triggers
# Run only for changes in the master branch
trigger:
- master

# Since the installation of random software in virtual machines
# is prohibited, we'll use a Docker container,
# launched on a virtual machine with Windows Server 1803
pool:
  vmImage: 'win1803'
container: microsoft/dotnet-framework:4.7.2-sdk-windowsservercore-1803

steps:
# Download the analyzer distribution
- task: PowerShell@2
  inputs:
    targetType: 'inline'
    script: 'Invoke-WebRequest -Uri https://files.viva64.com/PVS-Studio_setup.exe -OutFile PVS-Studio_setup.exe'
- task: CmdLine@2
  inputs:
    workingDirectory: $(System.DefaultWorkingDirectory)
    script: |
      REM Restore the project and download dependencies
      nuget restore .\ShareX.sln
      REM Create the directory, where files with analyzer reports will be saved
      md .\PVSTestResults
      REM Install the analyzer
      PVS-Studio_setup.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /COMPONENTS=Core
      REM Create the file with configuration and license information
      "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" credentials -u $(PVS_USERNAME) -n $(PVS_KEY)
      REM Run the static analyzer and convert the report to HTML
      "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" -t .\ShareX.sln -o .\PVSTestResults\ShareX.plog
      "C:\Program Files (x86)\PVS-Studio\PlogConverter.exe" -t html -o .\PVSTestResults .\PVSTestResults\ShareX.plog
# Save analyzer reports
- task: PublishBuildArtifacts@1
  inputs:
    pathToPublish: PVSTestResults
    artifactName: PVSTestResults
Note: according to the documentation, the container used has to be cached in the image of the virtual
machine, but at the time of writing the article it's not working and the container is downloaded every time
the task starts, which has a negative impact on the execution timing.
Let's save the pipeline and create variables which will be used for creating the license file. To do this, open
the pipeline edit window and click "Variables" in the top right corner.
Then, add two variables - PVS_USERNAME and PVS_KEY, containing the user name and license key
respectively. When creating the PVS_KEY variable don't forget to select "Keep this value secret" to encrypt
values of the variable with a 2048-bit RSA key and to suppress the output of the variable value in the task
performance log.
Save variables and run the pipeline by clicking "Run".
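The download-and-install steps of the pipeline above run an executable fetched at build time and expand the secret variable directly into the script text. A hardened variant of those two steps follows as an added example (it is not from the original article): it assumes the installer carries an Authenticode signature, and the names PVS_EXPECTED_SIGNER and PVS_LICENSE_KEY are invented for this example.

```yaml
# Added example, not part of the original article.
steps:
# Download the installer and stop the build unless its Authenticode
# signature validates and the signer matches the expected publisher.
- task: PowerShell@2
  displayName: 'Download and verify the PVS-Studio installer'
  inputs:
    targetType: 'inline'
    script: |
      $ErrorActionPreference = 'Stop'
      Invoke-WebRequest -Uri https://files.viva64.com/PVS-Studio_setup.exe -OutFile PVS-Studio_setup.exe

      # Record the hash in the build log so the installed binary can be identified later
      $hash = (Get-FileHash -Algorithm SHA256 -Path .\PVS-Studio_setup.exe).Hash
      Write-Host "Installer SHA-256: $hash"

      # Fail closed on a missing, broken or untrusted signature
      $sig = Get-AuthenticodeSignature -FilePath .\PVS-Studio_setup.exe
      if ($sig.Status -ne 'Valid') {
        throw "Installer signature is not valid: $($sig.Status)"
      }

      # An empty expected value would match any signer, so reject it explicitly
      $expected = $env:EXPECTED_SIGNER
      if ([string]::IsNullOrWhiteSpace($expected)) {
        throw 'Expected signer is not configured'
      }
      if (-not $sig.SignerCertificate.Subject.Contains($expected)) {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
      }
  env:
    # PVS_EXPECTED_SIGNER is a hypothetical pipeline variable holding the
    # publisher name you expect in the certificate subject.
    EXPECTED_SIGNER: $(PVS_EXPECTED_SIGNER)

# Install the analyzer and create the license file. The secret is read from
# the environment instead of being substituted into the script text.
- task: CmdLine@2
  displayName: 'Install PVS-Studio and store the license'
  inputs:
    workingDirectory: $(System.DefaultWorkingDirectory)
    script: |
      PVS-Studio_setup.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /COMPONENTS=Core
      if errorlevel 1 exit /b 1
      "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" credentials -u "%PVS_USERNAME%" -n "%PVS_LICENSE_KEY%"
  env:
    PVS_USERNAME: $(PVS_USERNAME)
    # Secret variables are not exported to the environment automatically,
    # so PVS_KEY is mapped explicitly. PVS_LICENSE_KEY is an example name.
    PVS_LICENSE_KEY: $(PVS_KEY)
```

The license key still reaches PVS-Studio_Cmd.exe as a command-line argument, because that is how the credentials command shown in the article takes it.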
The second option for running the analysis is to use a self-hosted agent. We can customize and manage
self-hosted agents ourselves. Such agents give more opportunities to install the software needed for
building and testing our software product.
Before using such agents, you have to configure them according to the instruction and install and configure
the static analyzer.
To run the task on a self-hosted agent, we'll replace the suggested configuration with the following:
# Setting up triggers
# Run the analysis for master-branch
trigger:
- master

# The task is run on a self-hosted agent from the pool 'MyPool'
pool: 'MyPool'

steps:
- task: CmdLine@2
  inputs:
    workingDirectory: $(System.DefaultWorkingDirectory)
    script: |
      REM Restore the project and download dependencies
      nuget restore .\ShareX.sln
      REM Create the directory where files with analyzer reports will be saved
      md .\PVSTestResults
      REM Run the static analyzer and convert the report to HTML
      "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" -t .\ShareX.sln -o .\PVSTestResults\ShareX.plog
      "C:\Program Files (x86)\PVS-Studio\PlogConverter.exe" -t html -o .\PVSTestResults .\PVSTestResults\ShareX.plog
# Save analyzer reports
- task: PublishBuildArtifacts@1
  inputs:
    pathToPublish: PVSTestResults
    artifactName: PVSTestResults
Once the task is complete, you can download the archive with analyzer reports under the "Summary" tab,
use the Send Mail extension, which lets you configure emailing, or pick another convenient tool
on the Marketplace.
Analysis Results
Now let's look at some bugs found in the tested project, ShareX.
Excessive checks
To warm up, let's start with simple flaws in the code, namely, with redundant checks:
private void PbThumbnail_MouseMove(object sender, MouseEventArgs e)
{
    ....
    IDataObject dataObject
        = new DataObject(DataFormats.FileDrop,
                         new string[] { Task.Info.FilePath });
    if (dataObject != null)
    {
        Program.MainForm.AllowDrop = false;
        dragBoxFromMouseDown = Rectangle.Empty;
        pbThumbnail.DoDragDrop(dataObject,
            DragDropEffects.Copy | DragDropEffects.Move);
        Program.MainForm.AllowDrop = true;
    }
    ....
}
PVS-Studio warning: V3022 [CWE-571] Expression 'dataObject != null' is always true.
TaskThumbnailPanel.cs 415
Let's pay attention to the check of the dataObject variable for null. Why is it here? dataObject cannot be null
in this case, as it's initialized with a reference to a newly created object. As a result, we have an excessive check.
Critical? No. Looks succinct? No. It is clearly better to remove this check so as not to clutter the code.
Let's look at another fragment of code which we can comment in a similar way:
private static Image GetDIBImage(MemoryStream ms)
{
    ....
    try
    {
        ....
        return new Bitmap(bmp);
        ....
    }
    finally
    {
        if (gcHandle != IntPtr.Zero)
        {
            GCHandle.FromIntPtr(gcHandle).Free();
        }
    }
    ....
}

private static Image GetImageAlternative()
{
    ....
    using (MemoryStream ms = dataObject.GetData(format) as MemoryStream)
    {
        if (ms != null)
        {
            try
            {
                Image img = GetDIBImage(ms);
                if (img != null)
                {
                    return img;
                }
            }
            catch (Exception e)
            {
                DebugHelper.WriteException(e);
            }
        }
    }
    ....
}
12. PVS-Studio warning: V3022 [CWE-571] Expression 'img != null' is always true. ClipboardHelpers.cs 289
In the GetImageAlternative method, the img variable is checked for null right after a new instance
of the Bitmap class is created. The difference from the previous example is that the img variable is
initialized by the GetDIBImage method rather than by a constructor. The code author assumes that
an exception might occur in this method, but declares only try and finally blocks, omitting catch.
Therefore, if an exception occurs, the calling method GetImageAlternative won't get a reference to an object
of the Bitmap type, but will have to handle the exception in its own catch block. In this case, the img
variable won't be initialized, and execution won't even reach the img != null check but will go straight to
the catch block. Consequently, the analyzer was right to point out an excessive check.
Let's consider the following example of a V3022 warning:
private void btnCopyLink_Click(object sender, EventArgs e)
{
    ....
    if (lvClipboardFormats.SelectedItems.Count == 0)
    {
        url = lvClipboardFormats.Items[0].SubItems[1].Text;
    }
    else if (lvClipboardFormats.SelectedItems.Count > 0)
    {
        url = lvClipboardFormats.SelectedItems[0].SubItems[1].Text;
    }
    ....
}
PVS-Studio warning: V3022 [CWE-571] Expression 'lvClipboardFormats.SelectedItems.Count > 0' is always
true. AfterUploadForm.cs 155
Let's take a closer look at the second conditional expression. It checks the value of the read-only
Count property, which holds the number of elements in the SelectedItems collection. The condition is
satisfied only if Count is greater than zero. That would be fine, but the outer if statement has already
checked Count for 0. The SelectedItems collection cannot have fewer than zero elements, so Count is
either equal to or greater than 0. Since the first if statement has already compared Count with 0 and the
result was false, there's no point in checking in the else branch that Count is greater than zero.
The final example of a V3022 warning is the following code fragment:
private void DrawCursorGraphics(Graphics g)
{
    ....
    int cursorOffsetX = 10, cursorOffsetY = 10, itemGap = 10, itemCount = 0;
    Size totalSize = Size.Empty;
    int magnifierPosition = 0;
    Bitmap magnifier = null;
    if (Options.ShowMagnifier)
    {
        if (itemCount > 0) totalSize.Height += itemGap;
        ....
    }
    ....
}
PVS-Studio warning: V3022 Expression 'itemCount > 0' is always false. RegionCaptureForm.cs 1100
The analyzer noticed that the condition itemCount > 0 is always false, as the itemCount variable is
declared and initialized to zero just above. The variable isn't used anywhere before the condition,
so the analyzer was right: the conditional expression is always false.
Well, now let's look at something really interesting.
The best way to understand a bug is to visualize a bug
It seems to us that a rather interesting error was found in this place:
public static void Pixelate(Bitmap bmp, int pixelSize)
{
    ....
    float r = 0, g = 0, b = 0, a = 0;
    float weightedCount = 0;
    for (int y2 = y; y2 < yLimit; y2++)
    {
        for (int x2 = x; x2 < xLimit; x2++)
        {
            ColorBgra color = unsafeBitmap.GetPixel(x2, y2);
            float pixelWeight = color.Alpha / 255;
            r += color.Red * pixelWeight;
            g += color.Green * pixelWeight;
            b += color.Blue * pixelWeight;
            a += color.Alpha * pixelWeight;
            weightedCount += pixelWeight;
        }
    }
    ....
    ColorBgra averageColor = new ColorBgra((byte)(b / weightedCount),
        (byte)(g / weightedCount), (byte)(r / weightedCount),
        (byte)(a / pixelCount));
    ....
}
I wouldn't like to show all the cards and reveal what our analyzer has found, so let's put it aside for a while.
By the name of the method, it is easy to guess what it is doing - you give it an image or a fragment of an
image, and it pixelates it. The method's code is quite long, so we won't cite it entirely, but just try to explain
its algorithm and explain what kind of a bug PVS-Studio managed to find.
This method receives two parameters: an object of the Bitmap type and a value of the int type that
specifies the pixelation size. The algorithm is quite simple:
1) Divide the received image fragment into squares whose side equals the pixelation size. For
instance, with a pixelation size of 15, we get a square containing 15x15=225 pixels.
2) Next, traverse each pixel in the square and accumulate the values of the Red, Green, Blue
and Alpha fields in intermediate variables, first multiplying each color value and the
alpha channel value by the pixelWeight variable, obtained by dividing the Alpha value by 255 (the Alpha
variable is of the byte type). While traversing the pixels, we also sum the pixelWeight values into the
weightedCount variable. The code fragment that performs these actions is as follows:
ColorBgra color = unsafeBitmap.GetPixel(x2, y2);
float pixelWeight = color.Alpha / 255;
r += color.Red * pixelWeight;
g += color.Green * pixelWeight;
b += color.Blue * pixelWeight;
a += color.Alpha * pixelWeight;
weightedCount += pixelWeight;
By the way, note that if the value of the Alpha variable is zero, pixelWeight won't add to the weightedCount
variable any value for this pixel. We'll need that in the future.
3) After traversing all pixels in the current square, we can make a common "average" color for this square.
The code doing this looks as follows:
ColorBgra averageColor = new ColorBgra((byte)(b / weightedCount),
(byte)(g / weightedCount), (byte)(r / weightedCount),
(byte)(a / pixelCount));
4) Now that we have the final color in the averageColor variable, we can traverse each
pixel of the square again and assign it the value of averageColor.
5) Go back to step 2 while there are unhandled squares.
Once again, the weightedCount variable isn't equal to the number of all pixels in a square. For example, if an
image contains a completely transparent pixel (zero value in the alpha channel), the pixelWeight variable
will be zero for this pixel (0 / 255 = 0). Therefore, this pixel won't affect the weightedCount
variable. That's quite logical: there's no point in taking into account the colors of a completely transparent pixel.
So it all seems reasonable, and pixelation must work correctly. And it actually does, just not for PNG
images that include pixels whose alpha channel value is below 255 and not equal to zero. Look at the
pixelated picture below:
Have you seen the pixelation? Neither have we. Okay, now let's reveal this little intrigue and explain where
exactly the bug is hiding in this method. The error crept into the line that computes the pixelWeight
variable:
float pixelWeight = color.Alpha / 255;
The point is that, by declaring the pixelWeight variable as float, the code author implied that
dividing the Alpha field by 255 would yield fractional numbers in addition to zero and one. This is where
the problem hides, as the Alpha variable is of the byte type. Dividing it by 255 gives an integer value.
Only after that is it implicitly cast to the float type, so the fractional part is lost.
It's easy to explain why PNG images with some transparency can't be pixelated. Since the alpha channel
values of these pixels are in the range 0 < Alpha < 255, the Alpha variable divided by 255 will always
result in 0. Therefore, the values of the variables pixelWeight, r, g, b, a, weightedCount will also always be 0. As
a result, our averageColor will have zero values in all channels: red - 0, blue - 0, green - 0, alpha - 0. By
painting a square in this color, we do not change the original color of the pixels, as the averageColor is
completely transparent. To fix this error, we just need to explicitly cast the Alpha field to the float type.
A fixed version of the code line might look like this:
float pixelWeight = (float)color.Alpha / 255;
Well, it's high time to cite the message of PVS-Studio for the incorrect code:
PVS-Studio warning: V3041 [CWE-682] The expression was implicitly cast from 'int' type to 'float' type.
Consider utilizing an explicit type cast to avoid the loss of a fractional part. An example: double A =
(double)(X) / Y;. ImageHelpers.cs 1119
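The truncation can be reproduced outside ShareX. The following is an added example, not code from the article or from ShareX: the tuple-based pixel type, the Average helper and the sample blocks are constructed for illustration, and the zero-weight guard is an addition that the cited fragment does not have. In the mixed block, the original weighting lets only the fully opaque pixel contribute to the color.

```csharp
using System;

static class PixelWeightDemo
{
    // Averages one block using the article's formulas. castToFloat = false keeps
    // the original 'color.Alpha / 255' integer division; true applies the fix.
    static (byte B, byte G, byte R, byte A) Average(
        (byte B, byte G, byte R, byte A)[] block, bool castToFloat)
    {
        float r = 0, g = 0, b = 0, a = 0, weightedCount = 0;
        foreach (var color in block)
        {
            // byte / int is integer division: 0 for Alpha 0..254, 1 for Alpha 255.
            float pixelWeight = castToFloat ? (float)color.A / 255 : color.A / 255;
            r += color.R * pixelWeight;
            g += color.G * pixelWeight;
            b += color.B * pixelWeight;
            a += color.A * pixelWeight;
            weightedCount += pixelWeight;
        }
        // Added guard (not in the article's fragment): with no weighted pixels
        // there is no color to average, so return a fully transparent pixel.
        if (weightedCount == 0) return (0, 0, 0, 0);
        return ((byte)(b / weightedCount), (byte)(g / weightedCount),
                (byte)(r / weightedCount), (byte)(a / block.Length));
    }

    static void Main()
    {
        // Constructed sample blocks, channels in B, G, R, A order.
        var halfTransparent = new (byte B, byte G, byte R, byte A)[]
            { (0, 0, 200, 128), (0, 0, 200, 128), (0, 200, 0, 128), (0, 200, 0, 128) };
        var mixed = new (byte B, byte G, byte R, byte A)[]
            { (200, 0, 0, 255), (0, 0, 200, 128), (0, 0, 200, 128), (0, 0, 200, 0) };

        foreach (var (name, block) in new[] { ("half-transparent", halfTransparent), ("mixed", mixed) })
        {
            Console.WriteLine($"{name}: original {Average(block, false)}, fixed {Average(block, true)}");
        }
    }
}
```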
For comparison, let us cite the screenshot of a truly pixelated image, obtained on the corrected application
version:
Potential NullReferenceException
public static bool AddMetadata(Image img, int id, string text)
{
    ....
    pi.Value = bytesText;
    if (pi != null)
    {
        img.SetPropertyItem(pi);
        return true;
    }
    ....
}
PVS-Studio warning: V3095 [CWE-476] The 'pi' object was used before it was verified against null. Check
lines: 801, 803. ImageHelpers.cs 801
This code fragment shows that the author expected that the pi variable can be null, that is why before
calling the method SetPropertyItem, the check pi != null takes place. It's strange that before this check the
property is assigned an array of bytes, because if pi is null, an exception of the NullReferenceException type
will be thrown.
A similar situation has been noticed in another place:
private static void Task_TaskCompleted(WorkerTask task)
{
    ....
    task.KeepImage = false;
    if (task != null)
    {
        if (task.RequestSettingUpdate)
        {
            Program.MainForm.UpdateCheckStates();
        }
        ....
    }
    ....
}
PVS-Studio warning: V3095 [CWE-476] The 'task' object was used before it was verified against null. Check
lines: 268, 270. TaskManager.cs 268
PVS-Studio found another similar error. The point is the same, so there is no great need to cite the code
fragment, the analyzer message will be enough.
PVS-Studio warning: V3095 [CWE-476] The 'Config.PhotobucketAccountInfo' object was used before it was
verified against null. Check lines: 216, 219. UploadersConfigForm.cs 216
The same return value
A suspicious code fragment was found in the EvalWindows method of the WindowsList class, which returns
true in all cases:
public class WindowsList
{
    public List<IntPtr> IgnoreWindows { get; set; }
    ....
    public WindowsList()
    {
        IgnoreWindows = new List<IntPtr>();
    }
    public WindowsList(IntPtr ignoreWindow) : this()
    {
        IgnoreWindows.Add(ignoreWindow);
    }
    ....
    private bool EvalWindows(IntPtr hWnd, IntPtr lParam)
    {
        if (IgnoreWindows.Any(window => hWnd == window))
        {
            return true; // <=
        }
        windows.Add(new WindowInfo(hWnd));
        return true; // <=
    }
}
PVS-Studio warning: V3009 It's odd that this method always returns one and the same value of 'true'.
WindowsList.cs 82
It seems logical that if the IgnoreWindows list contains a pointer equal to hWnd, the
method must return false.
The IgnoreWindows list can be filled either by calling the constructor WindowsList(IntPtr ignoreWindow)
or directly through the property, as it's public. However, according to Visual Studio, this list is currently
not filled anywhere in the code. This is another strange thing about this method.
Note. After talking to one of the ShareX developers, we found out that the EvalWindows method, which
always returns true, was intentionally written like that.
Unsafe call of event handlers
protected void OnNewsLoaded()
{
    if (NewsLoaded != null)
    {
        NewsLoaded(this, EventArgs.Empty);
    }
}
PVS-Studio warning: V3083 [CWE-367] Unsafe invocation of event 'NewsLoaded', NullReferenceException is
possible. Consider assigning event to a local variable before invoking it. NewsListControl.cs 111
Here a very nasty case might occur. After checking the NewsLoaded variable for null, the method, which
handles an event, can be unsubscribed, for example, in another thread. In this case, by the time we get into
the body of the if statement, the variable NewsLoaded will already be null. A NullReferenceException might
occur when trying to call subscribers from the event NewsLoaded, which is null. It is much safer to use a
null-conditional operator and rewrite the code above as follows:
protected void OnNewsLoaded()
{
    NewsLoaded?.Invoke(this, EventArgs.Empty);
}
The analyzer pointed to 68 similar fragments. We won't describe them all - they all have a similar call
pattern.
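The interleaving described above can be reproduced deterministically. In this added example (not code from ShareX or the article), the NewsFeed class and its BetweenCheckAndCall hook are hypothetical; the hook stands in for another thread that unsubscribes between the null check and the call. It also shows a property of the local-copy form the warning suggests: the handler can still run once after it has unsubscribed, so handlers have to tolerate a late call.

```csharp
using System;

class NewsFeed
{
    public event EventHandler NewsLoaded;

    // Hypothetical hook: stands in for another thread that runs at exactly
    // this point and unsubscribes the last handler.
    public Action BetweenCheckAndCall = () => { };

    // Pattern flagged by V3083: the event field is read twice.
    public void RaiseUnsafe()
    {
        if (NewsLoaded != null)
        {
            BetweenCheckAndCall();
            NewsLoaded(this, EventArgs.Empty); // second read now sees null
        }
    }

    // Local-copy form from the warning text: the field is read once. Delegates
    // are immutable, so the snapshot cannot become null afterwards.
    public void RaiseWithLocalCopy()
    {
        EventHandler handler = NewsLoaded;
        BetweenCheckAndCall();
        if (handler != null) handler(this, EventArgs.Empty);
    }
}

static class Program
{
    static void Main()
    {
        var feed = new NewsFeed();
        int calls = 0;
        EventHandler onNews = (sender, e) => calls++;
        feed.BetweenCheckAndCall = () => { feed.NewsLoaded -= onNews; };

        feed.NewsLoaded += onNews;
        try { feed.RaiseUnsafe(); }
        catch (NullReferenceException) { Console.WriteLine("check-then-call: NullReferenceException"); }

        feed.NewsLoaded += onNews;
        feed.RaiseWithLocalCopy();
        Console.WriteLine($"local copy: no exception, handler calls after unsubscribing = {calls}");
    }
}
```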
Return null from ToString
Recently I've found out from an interesting article of my colleague that Microsoft doesn't recommend
returning null from the overridden method ToString. PVS-Studio is well aware of this:
public override string ToString()
{
    lock (loggerLock)
    {
        if (sbMessages != null && sbMessages.Length > 0)
        {
            return sbMessages.ToString();
        }
        return null;
    }
}
PVS-Studio warning: V3108 It is not recommended to return 'null' from 'ToSting()' method. Logger.cs 167
Why assigned if not used?
public SeafileCheckAccInfoResponse GetAccountInfo()
{
    string url = URLHelpers.FixPrefix(APIURL);
    url = URLHelpers.CombineURL(APIURL, "account/info/?format=json");
    ....
}
PVS-Studio warning: V3008 The 'url' variable is assigned values twice successively. Perhaps this is a mistake.
Check lines: 197, 196. Seafile.cs 197
As we can see from the example, the url variable is assigned the value returned from the FixPrefix
method when it is declared. In the next line, we overwrite the obtained value without using it anywhere. We get
something similar to dead code: it works, but doesn't affect the result. Most likely, this error is a result of
copy-paste, as such code fragments occur in 9 more methods. As an example, we'll cite two methods
with a similar first line:
public bool CheckAuthToken()
{
    string url = URLHelpers.FixPrefix(APIURL);
    url = URLHelpers.CombineURL(APIURL, "auth/ping/?format=json");
    ....
}
....
public bool CheckAPIURL()
{
    string url = URLHelpers.FixPrefix(APIURL);
    url = URLHelpers.CombineURL(APIURL, "ping/?format=json");
    ....
}
Conclusions
As we can see, the complexity of configuring automatic analyzer checks doesn't depend on the chosen
CI system. It took us literally 15 minutes and several mouse clicks to configure checking of our project code
with a static analyzer.
In conclusion, we invite you to download and try the analyzer on your projects.