Unified View of Static Analysis and Dynamic Analysis Defects
Development testing is a safety net for developers. It enables you to lower the risk of introducing defects into production without impacting the release schedule.
Coverity Static Analysis and Coverity Dynamic Analysis Integration
Coverity Integrity Manager provides the industry's first and only tightly-coupled integration between Coverity Static Analysis and Coverity Dynamic Analysis to further increase the accuracy of static analysis results and speed the dynamic detection of defects in your code.
Static analysis and dynamic analysis are complementary techniques: static analysis identifies a larger range of defects by traversing all possible execution paths, while dynamic analysis focuses on the paths that are exercised in test workloads. Both are necessary for Java applications, because dynamic analysis identifies concurrency defects that static analysis may miss, given that certain errors can only occur at run-time.
By combining static analysis and dynamic analysis techniques, Coverity Integrity Manager increases the accuracy and speed of defect detection to provide the most thorough analysis of race conditions, deadlocks, and resource leaks.
Centralized Management of Static and Dynamic Analysis Defects
By combining both Coverity Static Analysis and Coverity Dynamic Analysis results into a single view through the Coverity Integrity Manager interface, you can easily view and manage all Coverity-identified defects together. Viewing both static and dynamic analysis defects in one place increases the efficiency of the defect resolution process by letting you fix defects based upon their risk and impact, and provides visibility into defect status and trending across your entire project or product portfolio.
Enterprise Deployments
Coverity Integrity Manager was designed for large, global and agile development organizations, with a multi-tiered architecture consisting of enterprise-class infrastructure modules. It was designed specifically to support teams with hundreds of concurrent users needing robust access control and a flexible and extensible platform.
Centralized Deployments
Coverity Integrity Manager supports centralized deployments through consolidated reporting for better visibility into defect status across the product portfolio, shared defect triage information to increase developer efficiency, and role-based access controls based on segregation of duties.
Defect Management
"Explaining errors is often more difficult than finding them. A misunderstood explanation means the error is ignored or, worse, transmuted into a false positive."
- A Few Billion Lines of Code Later
When faced with thousands of defects, where do you start? For every defect discovered, Coverity Integrity Manager provides a clear explanation of the defect, its severity, and its location to help you answer three important questions:
- Which defects are the most critical?
- Which defects do I fix first (or at all)?
- Which other projects and products are impacted by this defect?
With this visibility, developers can dramatically reduce triage time. Individuals now have actionable information to make better fix/no fix decisions based upon impact to a single project, across all projects, across the product portfolio, and to the business, reducing the risk of schedule slips and quality issues across products.
Defect Description
Coverity Integrity Manager provides a clear description of the defect, the severity and potential business impact so developers can quickly identify which defects to fix first.
Common Weakness Enumeration (CWE) Mapping
Through the Coverity Integrity Manager, we map every defect to the CWE specification, a community-developed defect dictionary, to gather defect information and get a better understanding of defect severity, identify what kind of exploits are found around that defect, and get potential fix guidance. This provides one-click access to a rich knowledge base which takes the guesswork out of researching unfamiliar defects, and helps you identify the root cause faster.
Defect Navigation
Coverity enables users to pinpoint the exact location in the code where the defect exists and displays the actual code so you can better understand the defect context. Developers can also view the number of occurrences of the defect across projects, code streams and versions.
Inline Expansion of Function Calls
For interprocedural defects, you can expand function calls inline and understand the execution path for deeply nested events to get a comprehensive explanation of the defect, an impossible task during manual code reviews.
Checker Classification
Checker classification helps you easily prioritize defects by combining checkers into categories, such as crash-causing errors, security vulnerabilities, unexpected behavior, and performance degradation. The classification maps each checker into categories based upon how its findings manifest as issues, such as memory corruption, resource leaks, security best practices violations, and insecure handling of data, to name a few. These defect types are then prioritized as high, medium, or low impact, derived from Coverity's experience scanning millions of lines of open source code.
Source Code Navigation
This intuitive navigation helps you evaluate and understand the scope of the problem within the context of the rest of the source code, using the original files and directory structure.
Flexible Defect Filtering
Coverity Integrity Manager enables users to quickly see the information most important to them by providing flexible defect filtering capabilities.
Defect Impact Mapping
To save time, developers often re-use code. However, as codebases grow, code sharing and branching increases the complexity and difficulty of defect detection. With other solutions, you get a list of defects but no insight into the impact; the same defect will look like multiple defects, and piecing together the defect's impact to projects and products is a manual effort.
Coverity Integrity Manager maps the impact of a defect across the entire codebase, alerting you of the presence of a single defect in other projects and products that share code. It also allows you to visualize all of the code branches together so you can see the defects that matter to you.
The process of defect disposition becomes precise and manageable, as you can quickly identify the impact of a defect from one part of the code on the entire product portfolio. What was previously flagged as multiple defects is now considered a single defect, increasing efficiency to fix defects faster and increasing visibility to focus on addressing the high priority defects based upon impact.
Defect Reporting
Viewing and tracking defect history and resolution status at the branch level, the project level, and across projects is critical to making better decisions and measuring developer productivity and quality improvement over time. Coverity Integrity Manager reporting allows you to answer three critical questions:
- Which defects have been fixed, and have all critical defects been fixed?
- Have all instances of the defect across shared code been triaged and fixed (or not fixed)?
- What does my defect and quality trending look like by product, by release, by checker and defect type, and by user over time?
Metrics & Trending
Coverity provides unparalleled visibility into quality, security and efficiency trends across the organization. Within Coverity Integrity Manager, developers can see detailed information about the number of defects since the last analysis, the defects that were found in the central build, defects found on their desktop and more.
Through Coverity Integrity Control, managers and business executives get a more expansive view of quality and security trends over time, by team or by software component. Managers can quickly drill down into a detailed view to get a deeper understanding of areas of risk in their organization.