The Code Sight IDE plugin uses the Coverity static analysis engine to find issues as developers code. Release 2019.4 supports more languages and IDEs.
The product team at Synopsys is pleased to announce that Code Sight™ IDE plugin 2019.4 is generally available! This release accommodates the growing variety of technologies in modern application development environments. As a result, more developers can quickly find and fix issues in their IDE.
New features in this release of the Code Sight IDE plugin include static analysis for C/C++ in Visual Studio and support for more IDEs:
Designed for developers, the Polaris Code Sight IDE plugin uses the Coverity® static analysis engine to scan code automatically when users save files. Developers get noninvasive and nearly instantaneous feedback on the quality and security of their code before they commit it.
The unique combination of Coverity quality and security checkers can find defects affecting application reliability and functionality. It also reveals security weaknesses that could expose sensitive data to attacks. The solution carefully examines potential execution paths that could lead to software issues. As a result, developers can produce clean, secure, and reliable code. Now, with the Code Sight IDE plugin’s expanded language and IDE support, more developers can use the broad set of Coverity security and quality checkers without leaving their editor.
Beyond the IDE, many development teams integrate static application security testing (SAST) into their CI/CD pipelines as well. However, many SAST solutions provide different analysis engines in the IDE and build/test environment. Frustrated developers might ask themselves, “Why wasn’t this issue found while I was running tests in the IDE?” So Synopsys has ensured consistent results between analyses in the IDE and the build/test environment.
To decrease debugging times, organizations are shifting application security responsibilities to developers. This shift is pushing developers to catch software defects earlier in the SDLC. But if security testing slows them down, developers might see this request as unfair, considering their primary goal of hitting tight release deadlines.
That’s why Synopsys introduced the Code Sight IDE plugin to make SAST easier and faster. With this release, the plugin’s support of development technologies expands to include Java, JavaScript, Ruby, C#, and C/C++ in IntelliJ, Eclipse, Visual Studio, and RubyMine. Future releases will support more languages from the Coverity stable and other IDEs to extend the Code Sight IDE plugin’s user base.
As a Product Marketing/Business Rotational Program Associate at Synopsys, Charlie will rotate through the sales, marketing, sales operations, and finance departments four months at a time. He joined Black Duck Software in July, before Black Duck Software was acquired by Synopsys. During his time in sales and marketing, Charlie has researched and learned about the importance of open source risk management—especially pertaining to container security and secure DevOps practices. While in marketing, Charlie has been helping with the launch of OpsSight, a product designed for IT Operations and Infrastructure teams hoping to automate security practices in the production environment. He holds a B.A. in Political Economy from Bates College.