Coverity Code Scan

laoshanxi · laoshanxi · commit 2de98f75cbca · 2025-11-04T10:39:08.000+08:00
diff --git a/.github/workflows/code-scan-coverity.yml b/.github/workflows/code-scan-coverity.yml
@@ -0,0 +1,43 @@
+name: "security-coverity-scan"
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+    paths:
+      - "main/**"
+      - ".github/workflows/code-scan-coverity.yml"
+
+permissions: # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+env:
+  XIAOZHI_VERSION: "2.0.4"
+
+jobs:
+  coverity-cpp-code-scan:
+    runs-on: ubuntu-latest
+    container: espressif/idf:release-v5.5
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+      - name: Checkout Github code
+        uses: actions/checkout@v5
+
+      - name: Install missing tools for Coverity scan
+        run: |
+          apt-get update
+          apt-get install -y file
+
+      - name: Coverity scan with build command
+        uses: vapier/coverity-scan-action@v1
+        with:
+          project: esp32-xiaozhi
+          token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+          version: ${{ env.XIAOZHI_VERSION }}
+          command: bash -c "source $IDF_PATH/export.sh && python scripts/release.py jiuchuan-s3 --name jiuchuan-s3"
diff --git a/README.md b/README.md
@@ -166,3 +166,10 @@ v1 的稳定版本为 1.9.2，可以通过 `git checkout v1` 来切换到 v1 版
    <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=78/xiaozhi-esp32&type=Date" />
  </picture>
 </a>
+
+## Coverity scan
+
+<a href="https://scan.coverity.com/projects/esp32-xiaozhi">
+  <img alt="Coverity Scan Build Status"
+       src="https://scan.coverity.com/projects/32587/badge.svg"/>
+</a>
diff --git a/README_en.md b/README_en.md
@@ -169,4 +169,11 @@ If you have any ideas or suggestions, please feel free to raise Issues or join t
    <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=78/xiaozhi-esp32&type=Date" />
    <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=78/xiaozhi-esp32&type=Date" />
  </picture>
-</a> 
+</a>
+
+## Coverity scan
+
+<a href="https://scan.coverity.com/projects/esp32-xiaozhi">
+  <img alt="Coverity Scan Build Status"
+       src="https://scan.coverity.com/projects/32587/badge.svg"/>
+</a>
diff --git a/README_ja.md b/README_ja.md
@@ -165,4 +165,11 @@ Feishuドキュメントチュートリアルをご覧ください：
    <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=78/xiaozhi-esp32&type=Date" />
    <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=78/xiaozhi-esp32&type=Date" />
  </picture>
-</a> 
+</a>
+
+## Coverity scan
+
+<a href="https://scan.coverity.com/projects/esp32-xiaozhi">
+  <img alt="Coverity Scan Build Status"
+       src="https://scan.coverity.com/projects/32587/badge.svg"/>
+</a>
