General topics for the product development at the software level (ISO 26262:2018, Part 6, Section 5)
Use of continuous integration, and integration of automated tooling
The ISO 26262 standard calls out examples of methods and development approaches that support consistency of development activities and work products. In particular highlighted in Note 1, Example 2 is the role of automated tooling to achieve this goal.
All of the Synopsys software integrity tooling detailed in this document are highly amenable to automated invocation, and include plugins for the most common continuous integration and continuous delivery tools such as Jenkins and Azure DevOps.
Organizations seeking to adopt such automation are encouraged to consider the following qualities for Static Analysis within continuous integration scenarios:
- Time taken to process large volumes of code – changes need to be analyzed quickly
- Ability to run in a fast incremental mode against small changes only
- Ability to run against partial code changes, rather than the entire codebase
- Volume of output generated with each small (incremental) change
- Advanced workflow features for managing the issues identified
- Alerts when new problems occur in past analysis runs, and automatically generating items on the development team backlog when this occurs
ISO 26262:2018 specifically notes that cybersecurity may be considered during the development of embedded software. Synopsys strongly recommends that the topics of cybersecurity, quality, risk, and safety be considered in a unified approach. Many of the tools and methods highlighted in industry cybersecurity standards overlap with the tools and activities that organizations typically adopt for safety, quality, and reliability.
Although the scope of ISO 26262:2018 relates primarily to functional safety, Synopsys helps organizations carry out a range of security activities that may generate new safety hazards as defined in Clause 6.4.5 and Annex E of ISO 26262:2018 Part 2:
- Risk assessment / threat modeling (TARA) carried out during design activities (Appendix E.3.2)
- Static code analysis to identify coding standards and security vulnerabilities during development (Appendix E.3.3)
- Identification of robustness failures that may cause security vulnerabilities, via automated fuzzing (Appendix E.3.3)
- Automated and manual penetration testing at the unit, component, and system level during verification and validation phases (Appendix E.3.3)
- Identification of open source packages, and ongoing monitoring for new vulnerabilities in third-party open source software components (Appendix E.3.4)
Synopsys is also involved as a member in formulating the SAE J3061 and ISO 21434 standards, which define comprehensive strategies for automotive cybersecurity.
Distributed development – Augmenting software integrity requirements within the development interface agreement (DIA)
ISO 26262:2018 provides, through Part 8, a number of clauses to specify a development interface agreement (DIA) to facilitate end-to-end collaboration in a distributed development scenario.
Typically, Synopsys customers include in the DIA the requirements for tool usage, scope, and reporting. Some of these requirements include:
- Metrics reports (e.g. HIS metrics), generated from static code analysis
- Scope of coding standards (e.g. MISRA) application, enforcement, and reporting requirements
- Requirements to perform particular types of security testing (e.g. penetration testing, risk assessment/TARA)
- Number of test cases and time taken to run fuzz testing
- Declaration of open source components in a software bill of materials (SBOM)
These requirements, in turn, are passed down the supply chain to software suppliers, ensuring assurance activities are performed and execution data is reported when producing software deliverables.
Coverity Static Analysis is certified by TÜV SÜD Product Service GmbH as meeting the requirements for support tools according to IEC 61508-3. The tool is qualified for use in safety-related software development according to ISO 26262, IEC 61508, EN 50128, and EN 50657. The tool is classified as T2, for use up to ASIL D in accordance with ISO 26262:2011-8.
The documentation pack for the Coverity distribution includes the necessary functional safety manual, which describes tool operation and failure modes – including the risk of misconfiguration, and of false positives and false negatives.
Validation of the software tool
For ASIL D development, teams that must perform tool validation according to ISO 26262 Part 8-11 (“Confidence in the use of software tools”) need to complete tool validation within their build environment. This helps ensure that safety-critical defects are not missed due to installation or configuration errors.
The Coverity Qualification Kit ensures that Coverity is configured and operating properly within the customer’s build environment. This self-test feature produces a tool qualification report describing the tests that were run and the results of those tests to validate that Coverity is properly configured. The qualification process is consistent with the recommendations of ISO 26262 Part 8-11.4.9.
Software modeling and coding guidelines (ISO 26262:2018, Part 6, Section 1)
As part of the initiation of the product development phase at the software level, ISO 26262 created a set of coding and modeling guidelines that are published in Table 1 of the Software Development Module. The Synopsys software integrity portfolio supports these guidelines in the following manner: Table legend: ++ indicates highly recommended + indicates recommended o indicates that the method has no recommendation for or against its usage for the identified ASIL
++ indicates highly recommended
+ indicates recommended
o indicates that the method has no recommendation for or against its usage for the identified ASIL