Black Duck Software

Coverity Static Analysis (SAST) Tools

What is Coverity?

Coverity® provides comprehensive static analysis to help development and security teams deliver high-quality software that is secure, functionally safe, and compliant with industry standards.

Functions and Features

  • Early vulnerability detection
    Scans for and detects code vulnerabilities and defects from the earliest stages of development, so they can be fixed early, reducing the cost of rework and avoiding project delays.
  • Supports a wide range of programming languages
    Supports 20+ programming languages and 200+ frameworks, including C/C++, Java, C#, JavaScript, etc. Builds a detailed model of each application, with visibility into all dependencies and compilers, so that complex issues spanning many files and libraries can be identified even in the world's largest applications.
  • Integration with Continuous Integration (CI)
    Integrates with CI/CD tools such as Jenkins and GitLab, can be triggered from CI events, can run scans and security tests within the IDE and on every pull request, and can abort the build if a full scan of the application finds any policy violations.
  • Highly accurate analysis reduces false positives
    Highly accurate scan results reduce the burden on developers, allowing them to focus on fixing issues rather than spending time triaging false positives.
  • Advanced analysis engine
    Delivers the highest accuracy and scalability of any static analysis solution on the market, enabling developers and security teams to deliver secure, high-quality applications at scale.
  • Automated reporting
    The dashboard provides pre-built reports based on industry-recognized lists, issue types and technical risk indicators, allowing developers to prioritize the issues that matter most to their organization. Filters are also available to group issues by CWE, standards classification, priority list, risk indicator and developer.

Deployment configuration

  • Coverity Analysis
    The tool that performs the analysis of the target project.
    Analysis can also be automated by integrating its CLI with CI tools.
  • Coverity Connect DB
    A server that aggregates and manages analysis results. It provides a GUI dashboard and convenient functions for centralized management of analysis results.

System requirements

Coverity Analysis minimum hardware requirements:
1.5 GB RAM or more. This may vary depending on conditions such as the target language and the tracing method used.

Coverity Analysis has a minimum memory requirement. Analysis speed can be increased several times by using CPU parallelism and additional memory, but the actual speed depends on the analysis settings, and beyond a certain point adding more CPU parallelism or memory yields no significant speed improvement and rapidly reduces responsiveness.

Coverity Connect minimum hardware requirements for a standard database:
8 CPUs (2 GHz or higher), 32 GB RAM or higher, 512 GB or higher storage (SSD: TRIM enabled recommended; HDD: 7200 rpm recommended)
These requirements will vary depending on conditions such as database size.

Coverity Connect and Coverity Reports support the following server platforms and browsers:

  • Windows
    Host OS version: Windows Workstation releases: Windows 10 and later. Windows Server releases: Windows Server 2012 and later.
    32 or 64 bit: 64-bit
    Hardware architecture: x86_64
    Note: Support for Windows Server 2012 has been discontinued and will be removed in a future release.
  • Linux
    Host OS version: Linux kernel 3.10.0-123 or later, glibc 2.17 or later

The Coverity Desktop plug-ins for Eclipse, Microsoft Visual Studio, and other supported IDEs require the same versions of Coverity Analysis and Coverity Connect that your Coverity Desktop is configured with. If you use Coverity Desktop, you should upgrade all Coverity products to the same version.

FAQ

What languages does Coverity support?

Coverity not only supports a variety of programming languages, including C/C++, Java, C#, JavaScript, and Python, but also helps you comply with various coding standards, such as MISRA and CERT.

How does Coverity integrate with the CI/CD pipeline?

Coverity integrates with CI/CD tools such as Jenkins, GitLab, and CircleCI, can be triggered from CI events, and can run code scanning and security testing from within your IDE or on every pull request.

How long does a Coverity scan take?

Depending on the size and complexity of your codebase, a typical code scan can be completed in minutes to hours, and there are options available to optimize scan times.