These days, software development teams are often spread across the country or the world. Outsourcing and third-party suppliers add to the challenge of managing large software projects. Tools like Coverity's Integrity Control are designed to reduce development risk by providing greater visibility across the software supply chain.
Coverity's Integrity Control is designed for managers, especially those not dealing directly with developers. It is tied to Coverity's tools, such as Coverity Static Analysis, that programmers would use to analyze their own code or code provided by other parties.
Integrity Control uses a policy-based system to set thresholds for code quality and security. The results can be used as part of service level agreements (SLA) for suppliers. Thresholds can address defect density and number of defects by criticality, type or impact. The system can also track productivity and efficiency based on values such as time-to-fix defects and technical debt.
The system can provide Executive Heat Map Alerts (Fig. 1). The Code Control Panel provides insight into development risks across the supply chain. Users can drill down to identify problem or violation areas.
Integrity Control is also integrated into the workflow of Coverity's code testing and Integrity Manager tools. This allows automatic tracking of quality and security policy violations.
Integrity Control works best if third parties also employ Coverity's tools, since policies can be exchanged and utilized in-house. Code can also be checked when it enters a company's workflow from third parties. The low false-positive results, under 5%, for Coverity Static Analysis and Coverity Dynamic Analysis tools make this approach practical.