Commit 50174ab459e7a6c007f6ffa15d381f2f18bd89b8

Patrick Steinhardt 2016-02-10T11:06:23

coverity: use https URL for posting build When posting our instrumented build results to Coverity we have to include sensitive information, in particular our authorization token. Currently we use an unencrypted channel to post this information, leading to the token being transferred in plain. Fix this by using a secured connection instead.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
diff --git a/script/coverity.sh b/script/coverity.sh
index 785044c..8c82689 100755
--- a/script/coverity.sh
+++ b/script/coverity.sh
@@ -50,10 +50,9 @@ COVERITY_UNSUPPORTED=1 \
 tar czf libgit2.tgz cov-int
 SHA=$(git rev-parse --short HEAD)
 curl \
-	--form project=libgit2 \
 	--form token="$COVERITY_TOKEN" \
 	--form email=bs@github.com \
 	--form file=@libgit2.tgz \
 	--form version="$SHA" \
 	--form description="Travis build" \
-	http://scan5.coverity.com/cgi-bin/upload.py
+	https://scan.coverity.com/builds?project=libgit2