Coverity's latest enterprise development platform, Coverity 5.5 (Fig. 1), is in the hands of developers. It adds a host of new features, including integration with a range of third-party tools such as FindBugs, Jenkins Continuous Integration Server and HP's Application Lifecycle Management (ALM).
The Coverity 5.5 IDE (Fig. 2) ties together a range of Coverity tools, including Coverity Automated Code Testing, which includes Coverity Static Analysis for C/C++, Java, and C# codebases, and Coverity Dynamic Analysis (Fig. 3). It also handles architecture analysis that can help identify security violations and provides function call graphs. This is under the auspices of the Coverity Integrity Manager (Fig. 4), which also adds support for FindBugs, a popular open source Java static analysis tool. The workflow integration addresses Jenkins Continuous Integration Server and HP's Application Lifecycle Management.
Among the issues analysis tools need to address are performance when analyzing large applications and the breadth of the analysis itself. Coverity's test analysis tools have improved performance by a factor of 10 for tests on complex code bases. It has also added or improved over twenty of its analysis checkers.
Coverity's analysis tools can take advantage of multiple cores. This allows parallel analysis, thereby reducing the time to complete testing. Static and dynamic analysis code coverage are standard features. Static analysis addresses issues such as interprocedural errors due to calls across functions. Its SAT solver uses Boolean satisfiability to suppress defects that could not possibly have occurred during execution. This is done by pruning infeasible paths, thereby providing a low false positive rate without trading off false negative reports.
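To make the infeasible-path pruning concrete, here is an added example (not Coverity's code or algorithm) in which brute-force enumeration stands in for a SAT solver. The analyzed function, its variable names and the two candidate reports are constructed for illustration.

```python
from itertools import product

# Constructed function under analysis (hypothetical), shown as C for context:
#   char *p = NULL;
#   if (have_buf) p = buf;        /* branch 1 */
#   if (verbose)  log_state();    /* branch 2 */
#   if (have_buf) *p = 0;         /* branch 3, dereference A */
#   if (verbose)  *p = 1;         /* branch 4, dereference B */
#
# A path-insensitive checker flags both dereferences as possible NULL
# dereferences, because branch 1 may be skipped. Each candidate below is the
# path condition needed to reach the dereference with p still NULL, written
# as a conjunction of (variable, required_value) literals.
CANDIDATES = {
    "deref A with p == NULL": [("have_buf", False), ("have_buf", True)],
    "deref B with p == NULL": [("have_buf", False), ("verbose", True)],
}


def satisfying_assignment(path_condition):
    """Return an assignment making every literal true, or None if none exists."""
    variables = sorted({name for name, _ in path_condition})
    for values in product([False, True], repeat=len(variables)):
        env = dict(zip(variables, values))
        if all(env[name] == wanted for name, wanted in path_condition):
            return env
    return None


def triage(candidates):
    """Split candidates into reported (with a witness input) and suppressed."""
    reported, suppressed = {}, []
    for defect, path_condition in candidates.items():
        witness = satisfying_assignment(path_condition)
        if witness is None:
            suppressed.append(defect)   # infeasible path: a false positive
        else:
            reported[defect] = witness  # feasible path: keep the report
    return reported, suppressed


if __name__ == "__main__":
    reported, suppressed = triage(CANDIDATES)
    for defect, witness in reported.items():
        print("REPORT  ", defect, "reachable with", witness)
    for defect in suppressed:
        print("SUPPRESS", defect, "(path condition is unsatisfiable)")
```

Dereference A is dropped because its path needs `have_buf` to be both false and true, while dereference B stays reported along with the input that triggers it, which is what keeps the false negative rate from rising.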
Coverity has also improved its workflow with popular IDEs like Eclipse and Microsoft's Visual Studio. This includes integration of Coverity's analysis tools. The integration is via IDE plug-ins, allowing developers to use the tool they are most familiar with.
Integration with tools like FindBugs is automatic. In addition, installation for enterprise deployments has improved. This includes cross-team and project deployment with the ability to import third-party data into Coverity Integrity Control. This allows the use of centralized policy management. Coverity Integrity Control provides ways for managers and developers to measure code quality, security, and technical debt. The tool also provides compliance policy management using pre-built policy templates for FDA and DISA STIG standards. Managers can also modify or create their own policy templates.
Analysis and testing tools like Coverity need to be used on a regular basis to limit the number of errors and to find errors as soon as possible. Reducing overhead is key to getting developers to use the tool, because waiting for compiles and analysis to complete idles developers. Tools like the Jenkins Continuous Integration Server help in this regard since code is automatically tested. Finally, bug tracking and ALM provide the kind of assistance and artifacts necessary in today's development environment, where applications need to meet standards such as DO-178B.