The Coverity Code Advisor solution helps reduce risk and lower overall project cost by identifying critical quality defects and potential security vulnerabilities during development. The solution utilizes sophisticated source code analysis to find the most critical defects in highly complex code bases, leveraging patented techniques for deep analysis and accurate issue detection.
The Coverity Advisor solution finds critical issues such as:
- API usage errors
- Best practice coding errors
- Build system issues
- Buffer overflows
- Class hierarchy inconsistencies
- Code maintainability issues
- Concurrent data access violations
- Control flow issues
- Cross-site scripting (XSS)
- Error handling issues
- Hard-coded credentials
- Incorrect expression
- Insecure data handling
- Integer handling issues
- Integer overflows
- Memory – corruptions
- Memory – illegal accesses
- Null pointer dereferences
- Path manipulation
- Performance inefficiencies
- Program hangs
- Race conditions
- Resource leaks
- Rule violations
- Security best practices violations
- Security misconfigurations
- SQL Injection
- Uninitialized members
Coverity Connect is the collaborative issue management console that efficiently manages all issues surfaced by Coverity development testing solutions to resolution within a unified workflow.
- Prioritization and filtering based on criticality and impact.
- Source code navigation to identify the exact path to the defect.
- Patent-pending remediation engine enables security vulnerabilities to be quickly addressed without requiring deep domain expertise.
- Automatic identification of every occurrence of a defect across branches.
- CWE Compatible mapping and knowledge base for each defect.
- Automatic assignment of defects to the appropriate developer.
In addition to quality and security defects identified through the Coverity Code Advisor solution, you can seamlessly integrate additional analysis results to efficiently manage multiple types of issues to resolution within a unified development testing workflow.
Coverity offers the following analysis packs:
Coverity Dynamic Analysis: Identify concurrency issues such as race conditions, deadlocks and resource leaks by analyzing Java programs as they run. View and manage both static and dynamically identified quality defects in a single workflow.
Coverity Architecture Analysis: Visualize the code structure to identify dependency conflicts and interface violations, detect architectural flaws that could create exposure, manage code complexity and enforce architectural design rules.
Analysis Integration: Manage FindBugs and FxCop defects in the same workflow as defects found by Coverity development testing solutions, providing your developers with a single workflow for finding and fixing defects.
We know you probably use multiple analysis tools, because no one tool can find every type of defect. That's why our platform is open, so you can import third-party analysis results into our workflow to view and manage all types of defects in the same way. Your developers are more productive because they do not have to deal with multiple tools and workflows. And you get a single view of software risks.
Our platform works seamlessly within your current process and integrates with the most popular development tools and technologies to make development testing a natural part of the SDLC process.
Coverity supports integrations with the critical tools and systems used to support the development process, including:
- IDEs to surface and remediate defects before code check-in, right at the desktop.
- Code coverage and test execution frameworks to help focus testing efforts.
- Source control management to map defects to code changes and responsible developers.
- Bug tracking to link defects to your overall defect management process.
- Build and continuous integration to automatically test for defects with every build or as part of an Agile process.
- ALM solutions for increased traceability and collaboration with QA.