The Forrester report noted that “Synopsys applies the power of mature SAST to deliver actionable results.”
Synopsys believes providing actionable results early in the software development life cycle (SDLC) and within common developer workflows is key to delivering secure code faster. Coverity scans can be run at various stages of the SDLC, with native integrations into popular workflows that provide details on each issue, including description, severity, CWE data, and defect location, as well as detailed remediation guidance to help resolve issues as quickly as possible.
Integrations with code repositories, build tools, and CI/CD pipelines support a range of scan strategies to uncover issues before they impact release timelines. The Code Sight™ IDE plug-in extends Coverity capabilities to the desktop, empowering developers to write secure, high-quality code right from the start. Security and code quality defects are identified in real time, so they can be fixed before code is even committed.
Scans can be triggered on pull requests or when builds complete, enabling developer velocity while still ensuring comprehensive coverage, so no critical defects make it into production. Issues can be automatically created in your issue-tracking system (such as Jira), and even assigned to the developer who’s most likely to have introduced the defect, in order to accelerate the remediation process.