April 14th, 2009
New Coverity products verify use of open source software
Coverity, Inc. announced two new tools for software development today: Coverity Build Analysis and the Coverity Integrity Center. These products are helpful for any type of development, but include features specially designed for companies using open source software in their commercial offerings.
Coverity Build Analysis
Coverity Build Analysis helps reduce wasted time and money consumed by inefficient and inaccurate build systems during software development. It scans software builds to help companies eliminate quality and security problems that can threaten to delay products and ensure all open source components in a shipping product are documented and secure.
According to Coverity, the new offer automatically analyzes and pinpoints the root-cause of build defects, helps identify compliance violations, and flags software quality and security vulnerabilities introduced during the build process. By providing visibility into build processes, organizations can eliminate the financial burden broken builds inflict through lost developer time, product delays and costly field defects.
Coverity Build Analysis provides developers, build engineers and security teams with the capabilities to:
- Reduce wasted time hunting for build bottlenecks such as broken make files, redundant processes, and code defects
- Prevent security risks by halting the introduction of malicious or unintentional vulnerabilities (for example by making sure you’re using the most recent open source security patches)
- Meet business and product requirements by auto-generating a comprehensive ‘bill of materials’ to confirm version and origin of all build components, whether from open source, outsource, or internal development teams
Coverity Integrity Center
The Coverity Integrity Center is an integrated bundle of tools designed for companies who want to reduce software problems and to make software changes faster and with less risk. It provides precision software analysis for architects, developers, build engineers, and quality and delivery teams. In addition to the Build Analysis product mentioned above, it includes three other core capabilities:
- Architecture Analysis: Analyze software design to ensure it can be easily modified and reused for maximum business agility. Use architectural visualization to identify hidden security backdoors that can cause costly breaches and data losses.
- Static Analysis: Analyze source code for defects with Coverity Prevent to find and eliminate potential causes of product delays or costly recalls. Expose security flaws early in the lifecycle so security audit teams don’t slow developers with rework, and helps speed testing and delivery time.
- Dynamic Analysis: Scan applications as they execute in test environments to amplify existing testing efforts. Eliminate complex multi-threaded concurrency defects and other crash causing software problems.
“We live in a world where the integrity of your business and competitive advantage is directly dependent on the integrity of your software,” said Seth Hallem, Coverity CEO. “Our recent record quarter is evidence that companies worldwide are shifting their investments to driving integrity into the software the runs their products, systems and business. The launch of Coverity Integrity Center marks the next stage of our software integrity strategy and enables customers to leverage the full power of all our software analysis offers.”
See the Coverity web site for more information including white papers and free trials.
Ed Burnette is a professional developer and author of several articles and books about computing including Hello, Android: Introducing Google's Mobile Development Platform, 2nd Edition. For disclosure of Ed's industry affiliations, click here or to view his full profile click here.
Subscribe to Dev Connection via Email alerts or RSS.
