Coverity Consulting Overview

Development Testing
Maturity Model

Using the Development Testing Maturity Model as a guide, our experts will work with you to understand your business goals, use cases and technical environment and craft a tailored adoption plan.

Level 1: Automatic Defect Detection

The first step to adoption of development testing is to introduce the automated detection of critical quality and security issues. This analysis can be run as part of the centralized build process or from the developer's desktop. Ideally the automated analysis should be performed on a daily basis, and at minimum, on a weekly basis. Our consultants can assist you in installing and configuring the Coverity Development Testing Platform to create a successful defect resolution process focused on identifying and addressing the most critical code defects based on impact analysis. Our consultants will work with you to create a quality and security baseline and establish and enforce policies and processes to ensure that no new defects are introduced into the code base.

Level 2: Identification of Residual Risk

Residual risk can occur in code if it isn't properly tested in development. Many organizations measure the effectiveness of their automated testing through a simple coverage number which treats critical code and dead code equally. Our consultants can help you introduce a policy-based testing methodology so that you can ensure that all risky code has an automated test associated with it. This helps with identifying and then mitigating risks in functional defects.

Level 3: Developer Workflow Optimization

For development testing to properly be adopted, it must fit in seamlessly with the solutions your developers use on a regular basis, such as source control management systems, bug tracking systems, IDEs and continuous integration systems. Our consultants will work with you to integrate our platform with those critical elements to improve the efficiency of your development process. Issues identified by our platform and integrated third party analysis tools are queried against your Source Control Management (SCM) systems for automated identification of the appropriate file owners. Defects are then assigned to them automatically and tracked via your bug tracking systems. This further integrates development testing into your SDLC.

Level 4: Code Governance

Software code governance is about establishing and enforcing consistent standards for code quality and security and measuring improvement over time. Our consultants will work with you to establish policy thresholds, such as the number of high-risk defects, types of defects allowed or the code which must have automated tests associated with it. By defining policies that you measure your project against, it makes it possible to implement "quality gates" and validate that code has met your code governance goals before it is promoted to the next stage in the lifecycle. These policies can also be used to define acceptance criteria with third party suppliers.

Level 5: Enterprise Code Assurance

In this final stage of maturity, all legacy defects have been eliminated and the build is configured to fail if new defects are introduced. All critical code and code impacted by change is covered by an automated test. All legacy defects are eliminated and the build fails if new defects are introduced. Software is only released into production if it meets these criteria.

With development testing integrated into an enterprise's software development methodology, a balance between quality, security and innovation is considered in every step of the development process. Security and quality are not relegated to the end of the development lifecycle, where the pressures of time-to-market often result in a compromise of defect fixes due to the need to meet release deadlines.

Adoption
Services

At Coverity, we are committed to providing you the fastest time to value through our Adoption Services. Our Quick Start Program is a set of pre-packaged professional services solutions designed for small- and medium-size enterprise customer deployments to enable you to quickly optimize and realize your investment in Coverity.

The Coverity Quick Start Program includes three core components:

• Requirements Gathering: Our consultants will work with you to understand your business goals and technical environment to tailor the deployment plan to your specific needs.
• Infrastructure Deployment: Our consultants will work on-site with you to install and configure your solution including:
  • Installation of Coverity Connect on one host server
  • Installation of Coverity Quality Advisor binaries on one build server
  • One supported compiler will be configured
  • Analysis will be automated for a single code base up to one million lines of code
• Knowledge transfer and documentation: Once the system has been deployed, our consultants will work with your team to enable them to administer and maintain the software, as well as inspect and triage defects. At the end of this engagement, our consultants will provide you with a detailed document outlining all the implementation steps to enable you to continue to monitor, maintain and fine-tune your environment.

Additional Consulting Programs

• Analysis Tuning Program: A Coverity consultant will review your analysis results and identify opportunities to enhance defect detection. Advanced techniques will be applied to fine-tune analysis to discover new critical defects and further reduce false positive rates. If desired, the Coverity consultant can update your installation to the most current versions to ensure that you are taking advantage of recent product enhancements.
• Custom Checker Development Program: To address your unique analysis needs, a Coverity consultant will build custom checkers for your organization. Custom checkers can help enforce coding standards within your organization. The resulting analysis data can then be managed and tracked via Coverity Policy Manager to increase visibility into code quality, security and testing violation risks over time.

• Begin your Quick Start Program