Effortless compliance with Coverity
Complying with industry standards and regulations can be daunting, especially as finding and identifying code, and ensuring its quality, becomes progressively harder as development speeds increase. Knowing how to address violations after they are found can be even more daunting. Coverity makes it easy to filter identified issues by category, view trend reports, prioritize remediation of vulnerabilities based on criticality, and most importantly, manage policy compliance across teams and projects.
CEVA was able to quickly integrate Coverity into its CI/CD processes, and then demonstrate that it was satisfying industry regulation requirements. Leibovich found that Coverity “increased code quality and security,” helped “find defects with a low false positive rate,” and “enforced coding standards like MISRA C and AUTOSAR C++.” Most importantly, Coverity easily “integrated with [its] internally developed compiler,” meaning existing development activities were uninterrupted and unhindered by the addition of a new solution.
Reduced risk with Black Duck
Without a complete picture of the code within an application portfolio—specifically open source—an organization risks exposing itself to security, license compliance, and code quality risks. License compliance violations can result in costly litigation or compromise an organization’s valuable intellectual property.
Black Duck helped CEVA eliminate license compliance risk from its development environment. After investigating several tools, CEVA found that Black Duck would be the easiest to integrate and the least disruptive to its thriving security program, while also delivering results right away. Leibovich said that Black Duck “integrated open source identification and management within our SDLC” and helped “identify open source licenses in use”—all critical activities for minimizing risk associated with license noncompliance.
Synopsys helped CEVA bolster its security efforts and bring security into alignment with the quality of its solution offerings. And by increasing security and compliance efforts, CEVA has reinforced that customers can trust its products. Leibovich summarized the company’s new-found security posture, stating that “CEVA can show that we are working according to safety protocols, and we have no issues with customers due to open source usage. We can show code is going through a static analysis tool and [we] therefore [have] better-quality software. And we can show that CEVA is working according to safety protocols.”
Now, Coverity and Black Duck scans are initiated automatically within CEVA’s development pipelines. They are providing detailed reports that developers and managers can use to ensure security and compliance, allowing teams to focus on what they do best—developing the industry-leading processor and platform IP solutions they are known for.