
Coverity 1.5

Coverity is a static analysis and SAST platform that identifies critical defects and security vulnerabilities in code during development, helping to reduce risks and costs associated with software failures. It offers features such as deep and accurate analysis, efficient issue management, and integration with existing development workflows. Additionally, Coverity provides actionable remediation guidance and supports a wide range of programming languages and platforms.

Uploaded by jonjaballe

COVERITY® DATASHEET

Coverity® is an accurate and comprehensive static analysis and Static Application Security Testing (SAST) platform that finds critical defects and security weaknesses in code as it’s written, before they become vulnerabilities, crashes, or maintenance headaches.

ADDRESS SECURITY AT THE SOURCE

• Arm your developers with the information they need to troubleshoot and fix critical defects quickly and efficiently
• Build quality and security into development to reduce the cost of rework and delayed time to market resulting from defects found late in the cycle
• Reduce the risk of costly and brand-damaging software failures and security breaches in the field or in production

Actionable remediation guidance enables developers to quickly address potential security vulnerabilities.

Product Overview
Coverity helps reduce risk and lower overall project cost by identifying critical quality defects and
potential security vulnerabilities during development, with accurate and actionable remediation guidance,
based on patented techniques and a decade of research and development and analysis of over 10
billion lines of proprietary and open source code.

Key Features

Depth and Accuracy of Analysis


• Coverity integrates seamlessly with any build system and generates a high fidelity representation of
the source code to ensure a deep understanding of its behavior.
• Coverity provides full path coverage, ensuring that every line of code and every potential execution
path are tested. It utilizes multiple patented techniques to ensure deep, accurate analysis.
• Through a deep understanding of the source code and the underlying frameworks, the Coverity platform
provides highly accurate analysis results so developers do not waste time managing a large volume of
false-positive results. This enables them to effectively build security into the development lifecycle.

Speed and Scale of Analysis


Coverity's Policy Manager enables users to easily monitor and report on status, risks, and trends.

Coverity was built from the ground up to fit into your existing workflow with the following capabilities:
• Parallel analysis allows Coverity to run on up to sixteen cores simultaneously and delivers up to a
10X performance improvement over serial analysis.
• Fast Desktop Analysis enables analysis acceleration by only re-analyzing the code which has
changed or been impacted by a change, instead of the entire codebase each time.

• Coverity scales to accommodate thousands of developers in geographically distributed environments and can analyze projects in excess of 100 million lines of code with ease.

Efficient Issue Management and Remediation

• With Coverity Connect, the platform’s collaborative issue management interface, developers gain access to actionable information and precise remediation guidance, showing them the right way to fix the defect and the best place in the code to fix it without requiring deep security domain expertise.
• Coverity Connect provides source code navigation to identify the exact path to the defect and automatically identify every occurrence of the defect across shared code.
• Defects can be automatically assigned to the appropriate developer for resolution, and users can quickly view all outstanding security issues, OWASP Top 10 issues, CWE, and PCI-related issues.

Software Development Lifecycle (SDLC) Integration

• The Coverity platform allows rapid integration of critical tools and systems used to support the development process, such as source control management, build and continuous integration, bug tracking, integrated development environments (IDE) and application lifecycle management (ALM) solutions.
• Coverity is an open platform that allows developers to import third-party analysis results into the workflow to view and manage all types of defects in the same way with a single view of software defects and risks.

Drive Adoption and Mitigate Risk

Coverity Policy Manager enables organizations to define and enforce a consistent standard for code security as well as quality and testing across development teams. It provides visibility into which teams, projects or components are compliant with these standards and can create measurable stage gates based on predefined criteria regarding defects and testing. The customizable views in Coverity Policy Manager allow the selection of development metrics and thresholds that align to specific objectives for embedded, enterprise, and mobile applications.

Extend Vulnerability Detection

Coverity Extend is an easy-to-use Software Development Kit (SDK) that allows developers to detect unique defect types. The SDK is a framework for writing program analyzers, or checkers, which allows them to identify custom or domain-specific defects. Customized checkers also help enable compliance with corporate security requirements and industry standards or guidelines.

Coverity is also proud to serve the open source community with more than 4000 projects currently using our free Coverity Scan, including Linux, Python, PostgreSQL, Firefox, OpenSSL, Perl, Apache Hadoop, and many more.

Supported Languages and Frameworks

C/C++, C#, Java, JavaScript, PHP, Python, ASP.NET, Objective-C, JSP, Node.js, Ruby, Android

Supported Platforms

Windows, Linux, Mac OS X, Solaris, AIX, HP-UX, NetBSD, FreeBSD

Some Supported Compilers

• VisualDSP++
• ARM C/C++
• Borland C++
• Clang
• Cosmic C
• Freescale Codewarrior
• GNU GCC/G++
• Green Hills C/C++/EC++
• HI-TECH PICC
• HP aCC
• IAR C/C++
• IBM XLC
• Intel C++
• Keil Compilers
• Marvell MSA
• QNX C/C++
• Renesas C/C++
• SNC C/C++
• SNC GNU C/C++
• Sony ORBIS SDK
• Sony PS4
• STMicroelectronics GNU C/C++
• STMicroelectronics ST Micro C/C++
• SUN (Oracle) CC
• Synopsys Metaware C and C++
• TI Code Composer
• Visual Studio
• Wind River C/C++
• JDK for Mac OS X
• OpenJDK
• Sun/Oracle JDK

SDLC Integration

SCM: Accurev, Clearcase, CVS, Git, Hg (Mercurial), Perforce, SVN
IDE/CI: Android Studio, Eclipse, IBM RTC, IntelliJ, QNX Momentics, MS Visual Studio, Wind River Workbench, Jenkins, TFS
Issue Tracking: JIRA, Bugzilla

Critical Checks

• API usage errors
• Best practice coding errors
• Build system issues
• Buffer overflows
• Class hierarchy inconsistencies
• Code maintainability issues
• Concurrent data access violations
• Control flow issues
• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF)
• Deadlocks
• Error handling issues
• Hard-coded credentials
• Incorrect expression
• Insecure data handling
• Integer handling issues
• Integer overflows
• Memory – corruptions
• Memory – illegal accesses
• Null pointer dereferences
• Path manipulation
• Performance inefficiencies
• Program hangs
• Race conditions
• Resource leaks
• Rule violations
• Security best practices violations
• Security misconfigurations
• SQL Injection
• Uninitialized members

Synopsys Inc.
185 Berry Street, Suite 6500
San Francisco, CA 94107 USA
www.synopsys.com/software
U.S. Sales: (800) 873-8193
International Sales: +1 (415) 321-5237
Email: [email protected]

© 2016 Synopsys, Inc. All rights reserved. The registered trademarks of Synopsys used herein are registered in the U.S. and other countries. All other
company and product names are the property of their respective owners.
