Coverity® helps security managers empower developers to embrace SAST in their workflows, and it provides easy onboarding, integrations, and flexible deployment options for DevOps teams.
Coverity provides actionable findings with high accuracy and low false positives. It also delivers relevant training resources and remediation advice directly in developers’ IDE, via the Code Sight™ IDE plugin, so they can fix security issues in their code as they work. DevOps managers can easily deploy Coverity on premises or in the cloud, as well as integrate it into various stages of the software development life cycle. Additionally, the Coverity CLI provides a very simple way to onboard applications and see results and diagnostics of the scan.
Security managers also get a high-level view into application risks and exploitable vulnerabilities through compliance reports for key industry and security standards. They can utilize the simplified Coverity CLI to initiate scans by just pointing to the source code, without needing to specify build and configuration details. This unique capability provides additional flexibility and gives security managers quick insights into application health and risks.
Once analyses are complete, security teams can easily generate reports on critical vulnerabilities specified by security standards such as OWASP Top 10 and CWE Top 25, or industry standards such as PCI DSS and SEI CERT. Centralized dashboards and reporting provide auditors, executives, and heads of development with high-level visibility into application risk and compliance with security and industry standards.
Coverity automatically prioritizes vulnerabilities according to compliance standards, criticality, and custom rulesets to help focus development resources on the most important vulnerabilities. When used in conjunction with Synopsys Intelligent Orchestration, which automates security testing throughout the software development life cycle, Coverity can automatically initiate SAST scans on an application, based on user-defined policies, risk profiles, and severity/context-specific code changes.
In the white paper “Managing Web Application Security With Coverity,” learn how Coverity’s capabilities help development and security teams improve their web application security practices, gain visibility into application risks, and demonstrate compliance.