The Code Sight IDE plugin uses the Coverity static analysis engine to find issues as developers code. Release 2019.4 supports more languages and IDEs.
The product team at Synopsys is pleased to announce that Code Sight™ IDE plugin 2019.4 is generally available! This release accommodates the growing variety of technologies in modern application development environments. As a result, more developers can quickly find and fix issues in their IDE.
New features in this release of the Code Sight IDE plugin include static analysis for C/C++ in Visual Studio and support for more IDEs:
Designed for developers, the Polaris Code Sight IDE plugin uses the Coverity® static analysis engine to scan code automatically when users save files. Developers get noninvasive and nearly instantaneous feedback on the quality and security of their code before they commit it.
The unique combination of Coverity quality and security checkers can find defects affecting application reliability and functionality. It also reveals security weaknesses that could expose sensitive data to attacks. The solution carefully examines potential execution paths that could lead to software issues. As a result, developers can produce clean, secure, and reliable code. Now, with the Code Sight IDE plugin’s expanded language and IDE support, more developers can use the broad set of Coverity security and quality checkers without leaving their editor.
Beyond the IDE, many development teams integrate static application security testing (SAST) into their CI/CD pipelines as well. However, many SAST solutions provide different analysis engines in the IDE and build/test environment. Frustrated developers might ask themselves, “Why wasn’t this issue found while I was running tests in the IDE?” So Synopsys has ensured consistent results between analyses in the IDE and the build/test environment.
To decrease debugging times, organizations are shifting application security responsibilities to developers. This shift is pushing developers to catch software defects earlier in the SDLC. But if security testing slows them down, developers might see this request as unfair, considering their primary goal of hitting tight release deadlines.