I've set up a project to use Coverity Scan.

Under Analysis Settings→Project Components I have

Component name  Pattern              Ignore in analysis     
cxxopts         .*/src/cxxopts.hpp         Yes  
STL             /usr/include/c++/.*        Yes  

but still when I go to View defects I see 9 issues, all from files like /usr/include/c++/5.4.1/functional. How do I actually exclude them?

Confusingly, the Overview tab shows

12 Total defects
2 Outstanding
7 Dismissed
3 Fixed

even though View defects shows 9 issues (is that the 7+2? Why are some outstanding and some dismissed, when all should be ignored?)

It looks like a regex pattern, in which case the "++" likely needs some form of escaping. I'm not sure which form, because I don't know how the strings are being interpreted or what kind of regex syntax is being used, but some variant of the following should work:

/usr/include/c\+\+/.*
/usr/include/c\\+\\+/.*
/usr/include/c\\\+\\\+/.*

If none of these work, I'd suggest contacting scan-admin@coverity.com (listed as the contact email for questions on the scan website).

This would also explain why the overview shows results from these files at all.