If you hitch a ride with a scorpion…

I haven’t seen a blog post or notice about this, but according to the Twitters, Coverity has stopped supporting online scanning for open source projects. Is anybody shocked by this? Anybody?

Chris Aniszczyk (@cra) tweets: "sigh coverity stopped supporting their online scanning for open source projects... C/C++ code scan tool that integrates beautifully with github?"

This comes the same week that Slack announces that they’re ending support for IRC/XMPP gateways — that is, the same tools that persuaded a number of people that it’s OK to adopt a proprietary chat service, because they’d always be able to use open clients to connect.

Not sure what the story is with Coverity, but it probably has something to do with 1) they haven’t been able to monetize the service the way they hoped, or 2) they’ve been able to monetize the service and don’t fancy spending the money anymore or 3) they’ve pivoted entirely and just aren’t doing the scanning thing. Not sure which, don’t really care — the end result is the same. Open source projects that have come to depend on this now have to scramble to replace the service.

We’ve seen this before with a litany of variations. BitKeeper pulling the plug on its freebies for kernel developers. SourceForge.net taking turns for the worse and driving a number of projects away. Google Chat / Hangouts stopped federating with XMPP clients outside its network. Transifex closing its source code… I could go on, those are just the ones that jump to top of mind.

I’m not going to go all RMS, but the only way to prevent this is to have open tools and services. And pay for them.

2 thoughts on “If you hitch a ride with a scorpion…”

  1. They didn’t stop it. Here is the explanation, from an email sent by Coverity:

    As you may be aware, there recently was an interruption in the availability of the Coverity Scan service. In February 2018, we discovered that servers used for the Coverity Scan service were accessed by an unauthorized third-party. The access appears to have started earlier in the month. We suspect that the access was to utilize our computing power for cryptocurrency mining. We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.

    We have closed the method of access, and the Coverity Scan service is again available as a free service to the open source community. The Coverity Scan service data is backed up frequently, and Coverity Scan service data will be restored. We regret any inconvenience caused by the downtime of the Coverity Scan service.
