Application Architecture Data of Over 2,500 Open Source Projects Now Available at Coverity Scan Site

Coverity Inc., the software integrity company, today announced the publication of application architecture data from over 2,500 popular open source software projects at www.scan.coverity.com. As an outgrowth of its contract with the U.S. Department of Homeland Security (DHS), Coverity™ collected this data via the Scan site using the Coverity Architecture Analyzer product. This new, publicly accessible resource includes application architecture files and generated diagrams that will benefit developers planning to incorporate open source packages in their applications, as well as developers that want to learn the architectures of successful projects to improve the structure of their own applications.

“I’ve tried the Coverity Architecture Analyzer application, and it showed me some unexpected references between parts of the code that I want to investigate,” said Volker Lendecke of the Samba Team. “I’m glad to hear the architecture diagrams can be included on our project wiki as documentation to help new developers get up to speed more quickly.”

The Scan architecture library is a database of application architecture diagrams from over 2,500 open source projects such as Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL. Each diagram displays dozens to hundreds of components that comprise a given software project.

According to Forrester Research, “A high-performance scalable architecture depends on continually optimizing your application architecture so that different components built in myriad languages interoperate according to performance best practices. Application architecture is not about “set it and forget it.” It requires continuous care and feeding to identify and solve problems, take advantage of new platforms, and handle new loads and new features.” (Best Practices: Attaining and Maintaining Blazing Fast Web Site Performance”, Forrester Research, Inc., February 2009.)

The ability to study a visual presentation of an application’s architecture and related data offers a number of benefits to developers. For example, developers planning to use or build on top of a project in the Scan library can optimize their use of it by comparing architecture plans to other codebases that use the same project. This allows developers to more fully understand the structure and capabilities of the open source software they intend to consume.

For developers writing a plug-in or module for an existing open source package, understanding its architecture helps ensure their design is aligned with the expectations and intent of the target open source application. Finally, developers creating a particular type of application, such as a web server, can study the architecture of similar, successful open source projects to improve and accelerate the development of their own application architecture.

“This new resource is another part of Coverity’s ongoing efforts to provide valuable resources to the software development community, while advancing the state of the art in developing high integrity software,” said David Maxwell, open source strategist for Coverity and NetBSD developer. “Sharing the structural data of a wide variety of application types will be a resource for both open source and commercial developers who are planning to use a specific open source project, as well as developers that are simply curious to learn more about application architectures in general.”

Since 2006, the Scan site has leveraged Coverity’s static analysis technology to analyze 50 million lines of code on a daily basis from more than 250 projects. Since its launch, open source developers have used the Scan site to identify and eliminate over 8,500 security vulnerabilities and quality defects. The new Scan architecture library is publicly available at Coverity’s Scan site http://scan.coverity.com/arch/

The Scan architecture library was created using Coverity Architecture Analyzer. The product automatically maps the relationships between code elements at the function and file levels, identifying the underlying structure of software to help developers identify violations of architectural standards. Coverity Architecture Analyzer requires no change to the source code or build environment.

Open source developers may request inclusion in the Coverity Scan, or complimentary licenses of Coverity Architecture Analyzer for use with the data collected in the Coverity Architecture Database by emailing scan-admin@coverity.com. Trials of Coverity Architecture Analyzer can be downloaded immediately, for use with the Coverity Architecture Library, by registering at http://scan.coverity.com/arch/trial

Developers who participate in the Scan project also receive access to an interactive Coverity Architecture Analyzer application for browsing the library in greater detail.

About Coverity Scan

The Coverity Scan site was developed by Coverity with support from the U.S. Department of Homeland Security as part of the federal government’s Open Source Code Hardening Project. The site divides open source projects into rungs based on the progress each project makes in resolving defects. Projects at higher rungs receive access to additional analysis capabilities and configuration options. Projects are promoted as they resolve the majority of defects identified at their current rung. The Coverity Scan site is freely available to qualified open source projects at: http://scan.coverity.com