Can Synopsys Static Analysis (Coverity) automatically ignore issues in third-party or noncritical code?
Synopsys Static Analysis (Coverity) has powerful capabilities that can find issues deep within the logic of your application’s code. If you apply third-party or open source code during your build process, Coverity might even find issues in code your team didn’t write. Often, you won’t be interested in fixing that third-party code, for a variety of reasons. If you don’t own the code, you may not be permitted to modify it. If it’s open source code, you may not be willing to assume the licensing obligations associated with updates. Modifying third-party code also has downstream impacts on future development efforts. For example, if there’s a new release of that code, you may need to carry forward your fixes to the new release—potentially an ongoing effort. This post describes a couple of options at your disposal for dealing with issues in code you don’t plan to fix.