Docker is a software for automating deployment and management of applications in environments that support OS-level virtualization (containers). Docker can "pack" an application with its entire environment and dependencies into a container, that can then be deployed at any system with Docker installation.
You can use Dockerfile to build an image with the latest version of PVS-Studio included.
On debian-based systems:
FROM gcc:7
# INSTALL DEPENDENCIES
RUN apt update -yq \
&& apt install -yq --no-install-recommends wget \
&& apt clean -yq
# INSTALL PVS-Studio
RUN wget -q -O - https://files.viva64.com/etc/pubkey.txt | apt-key add - \
&& wget -O /etc/apt/sources.list.d/viva64.list \
https://files.viva64.com/etc/viva64.list \
&& apt update -yq \
&& apt install -yq pvs-studio strace \
&& pvs-studio --version \
&& apt clean -yq
On zypper-based systems:
FROM opensuse:42.3
# INSTALL DEPENDENCIES
RUN zypper update -y \
&& zypper install -y --no-recommends wget \
&& zypper clean --all
# INSTALL PVS-Studio
RUN wget -q -O /tmp/viva64.key https://files.viva64.com/etc/pubkey.txt \
&& rpm --import /tmp/viva64.key \
&& zypper ar -f https://files.viva64.com/rpm viva64 \
&& zypper update -y \
&& zypper install -y --no-recommends pvs-studio strace \
&& pvs-studio --version \
&& zypper clean -all
On yum-based systems:
FROM centos:7
# INSTALL DEPENDENCIES
RUN yum update -y -q \
&& yum install -y -q wget \
&& yum clean all -y -q
# INSTALL PVS-Studio
RUN wget -q -O /etc/yum.repos.d/viva64.repo \
https://files.viva64.com/etc/viva64.repo \
&& yum install -y -q pvs-studio strace \
&& pvs-studio --version \
&& yum clean all -y -q
Command to build an image:
docker build -t viva64/pvs-studio:7.05 -f Dockerfile
Note. A base image and dependencies must be changed according to the target project.
To start the analysis, for example, of a CMake-based project, execute the following command:
docker run --rm -v "~/Project":"/mnt/Project" \
-w "/mnt/Project" viva64/pvs-studio:7.05 \
sh -c 'mkdir build && cd build &&
cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=On .. && make -j8 &&
pvs-studio-analyzer analyze ... -o report.log -j8 ...'
It is recommended that you run the converter of analyzer-generated reports (plog-converter) outside the container to ensure that reports contain correct paths to the source files. The only report type that you may want to generate inside the container is fullhtml (an HTML report file that supports message sorting and code navigation). To have other report types generated, you will need to additionally configure the analyzer.
When checking non-CMake projects in a container using the compiler call tracing mode, you may get this error:
strace: ptrace(PTRACE_TRACEME, ...): Operation not permitted
Error: Command strace returned 1 code.
To eliminate this error, run Docker with extended privileges by executing this command:
docker run ... --security-opt seccomp:unconfined ...
or like this:
docker run ... --cap-add SYS_PTRACE ...
Specifying the license file
Since a container's lifetime is limited, the analyzer license file should be committed into the image or specified by mounting the directory containing that file and specifying the path to it:
pvs-studio-analyzer analyze ... -l /path/to/PVS-Studio.lic ...
Restoring paths to source files in the report
To get a report with correct paths to the source files, specify the path to the project directory first:
pvs-studio-analyzer analyze ... -r /path/to/project/in/container ...
After that, run the report converter outside the container.
On Linux or macOS:
plog-converter ... -r /path/to/project/on/host ...
On Windows:
PlogConverter.exe ... -r /path/to/project/on/host
On Windows, you can also use the Compiler Monitoring UI utility to open the report file without converting it.
Excluding directories from analysis
You can exclude the compiler directory or directories with third-party libraries or tests by adding the -e parameter:
pvs-studio-analyzer analyze ... -e /path/to/tests ... -e /path/to/contrib ...
Specifying the cross compiler
If your container includes a cross compiler or compiler without aliases (for example, g++-7), its name must be specified additionally:
pvs-studio-analyzer analyze ... -C g++-7 -C compilerName ...
Installing from an archive
FROM openkbs/ubuntu-bionic-jdk-mvn-py3
ARG PVS_STUDIO_CORE="7.05.35582"
RUN wget "https://files.viva64.com/java/pvsstudio-cores/${PVS_STUDIO_CORE}.zip"\
-O ${PVS_STUDIO_CORE}.zip \
&& mkdir -p ~/.config/PVS-Studio-Java \
&& unzip ${PVS_STUDIO_CORE}.zip -d ~/.config/PVS-Studio-Java \
&& rm -rf ${PVS_STUDIO_CORE}.zip
Command to build an image:
docker build -t viva64/pvs-studio:7.05 -f Dockerfile
Committing the analyzer layer
The analyzer is unpacked automatically at the first analysis of a project. You can specify the container's name and perform the analysis first:
docker run --name analyzer
-v "D:\Project":"/mnt/Project"
openkbs/ubuntu-bionic-jdk-mvn-py3
sh -c "cd /mnt/Project && mvn package
&& mvn pvsstudio:pvsAnalyze -Dpvsstudio.licensePath=/path/to/PVS-Studio.lic"
and then commit to a new image:
docker commit analyzer viva64/pvs-studio:7.05
Note. A base image and dependencies must be changed according to the target project. Make sure you install and launch the analyzer as the same user.
Regular checks should be launched in the same way with the --rm parameter added:
docker run --rm -v "D:\Project":"/mnt/Project"
openkbs/ubuntu-bionic-jdk-mvn-py3
sh -c "cd /mnt/Project
&& mvn package
&& mvn pvsstudio:pvsAnalyze -Dpvsstudio.licensePath=/path/to/PVS-Studio.lic"
All of the parameters are specified in the Maven or Gradle project file, into which the analysis is integrated.
Documentation for this section is under development.
Documentation for this section is under development.