Coverity Announces New Tools


News: Coverity Announces New Tools

  1. Coverity Announces New Tools (5 messages)

    Coverity Integrity Center is available today, a system for reducing product failures and recalls due to software problems and enables quicker software changes turnaround with less risk. Coverity Build Analysis is also available today as part of the Coverity Integrity Center. The Coverity Integrity Center provides precision software analysis for architects, developers, build engineers, and quality and delivery teams. It includes the following core capabilities: * Architecture Analysis: Analyze software design to ensure it can be easily modified and reused for maximum business agility. Use architectural visualization to identify hidden security backdoors that can cause costly breaches and data losses. * Static Analysis: Analyze source code for defects with Coverity Prevent to find and eliminate potential causes of product delays or costly recalls. Expose security flaws early in the lifecycle so security audit teams don't slow developers with rework, and helps speed testing and delivery time. * Build Analysis: Analyze software builds to identify problems and inefficiencies in the assembly of software that can cause product delays. Ensure that all open source components in the final product are documented and secure. * Dynamic Analysis: Scan applications as they execute in test environments to amplify existing testing efforts. Eliminate complex multi-threaded concurrency defects and other crash causing software problems. Coverity Build Analysis provides developers, build engineers and security teams with the capabilities to: * Reduce wasted time hunting for build bottlenecks such as broken make files, redundant processes, and code defects * Prevent security risks by halting the introduction of malicious or unintentional vulnerabilities through open source software components * Meet business and product requirements by auto-generating a comprehensive `bill of materials' to confirm version and origin of all build components, whether from open source, outsource, or internal development teams Coverity Build Analysis is part of the Coverity Integrity Center, and is a natural compliment to Coverity's other precision software analysis capabilities, which include Coverity Architecture Analysis, Coverity Dynamic Analysis, and Coverity Prevent, the industry-leading static analysis product. The combination of Coverity precision software analysis offers enables customers to identify quality, performance and security flaws in software design, architecture, code, builds, and delivery.
  2. Why is that is not able to block the above mentioned user? Now the situation is such that I avoid clicking any links displayed on this site.
  3. Despite the awful blurb posted on TSS, I checked out their website to see what they offer. After 3 clicks throughout the page, I still couldn't find anything other than sales promises. They clearly don't know their audience. Guys, when you post on TSS, remember you're targeting engineers. Tell us specifically how your product will "identify quality, performance and security flaws." It doesn't help that your site is peppered with broken links. Your Data Sheet has no data. It is quite annoying to download a PDF only to find it has the same sales nonsense as the regular site. Your screenshots are all so low resolution that we can't even click on them to see exactly what your product does. Why should we waste our time with you? How are you any better than the free static analysis tools like JDepend, FindBugs, and Cobertura? You say things like "Reduce wasted time hunting for build bottlenecks such as broken make files, redundant processes, and code defects" Doesn't your build tool automatically tell you when you have a broken "make file" (I assume you meant ANT/Maven, please remember this is a Java crowd)? What code defects will you find that the JDK (with ALL warnings turned on) and FindBugs won't?
  4. Just use open source[ Go to top ]

    Don't waste your money. Just use Findbugs and/or PMD. The extra niceties that Coverity provides aren't worth the money.
  5. Re: Just use open source[ Go to top ]

    True and if you want reports like Coverity consider Sonar.
  6. Here's a more technical view of this topic... short blog post by technical person from Klocwork that summarizes how source code analysis can be used to address some build optimization goals.