Software Integrity Blog

Author Archive

Kris Diefenderfer

Kris Diefenderfer is a senior sales engineer at Synopsys. He specializes in enterprise-level software solutions in the IT security and compliance space. Kris is also passionate about utilizing and learning new and better ways to produce high-quality software in minimal time.


Posts by Kris Diefenderfer:

 

Can Synopsys Static Analysis (Coverity) automatically ignore issues in third-party or noncritical code?

Synopsys Static Analysis (Coverity) has powerful capabilities that can find issues deep within the logic of your application’s code. If you apply third-party or open source code during your build process, Coverity might even find issues in code your team didn’t write. Often, you won’t be interested in fixing that third-party code, for a variety of reasons. If you don’t own the code, you may not be permitted to modify it. If it’s open source code, you may not be willing to assume the licensing obligations associated with updates. Modifying third-party code also has downstream impacts on future development efforts. For example, if there’s a new release of that code, you may need to carry forward your fixes to the new release—potentially an ongoing effort. This post describes a couple of options at your disposal for dealing with issues in code you don’t plan to fix.

Posted in General, Static Analysis (SAST)