Coverity 5 Tackles Business Impact from Software Changes
Join the DZone community and get the full member experience.Join For Free
Coverity 5 is the next generation of the entire Coverity software integrity product line, including the industry leading Coverity Static Analysis product. As part of this launch, Coverity is showcasing two major change impact innovations:
- The new Coverity 5 defect impact mapping capability is the first to enable developers to automatically map and identify how a single defect impacts multiple code bases, projects and products across the portfolio. Prior to Coverity, mapping impact of defects was a highly manual, inaccurate and time-consuming process.
- The new Coverity 5 unified defect management interface is the first to enable developers and management to review, prioritize and triage their C/C++, Java and C# defects in a single workflow, providing a single version of the truth for the state of integrity across the entire product portfolio.
Software changes introduce defects that can seriously damage products in the portfolio that share that same code. Using traditional software analysis approaches, it is difficult, if not impossible, for developers to know exactly which projects, teams and products are impacted by new defects introduced by software changes. Coverity 5 is the first to enable developers to automatically scan software for new defects introduced by changes, instantly prioritize defect severity and map impact to all products sharing the same code.
“Mitigating the risk of software changes is one of the biggest challenges for our global customer base, and we are tackling this problem head on with Coverity 5,” said Seth Hallem, Coverity CEO. “Our new defect impact management capabilities mark the most significant innovation in the software integrity market since our introduction of commercial static analysis. Coverity 5 delivers an unprecedented level of defect impact visibility to developers so they can make highly informed business decisions on how they prioritize and triage software problems.”
Coverity 5 provides the following new capabilities and enhancements:
New Defect Impact Management Capabilities:
- Defect impact mapping is a turnkey way for developers to know all other code bases, teams, projects and products that are affected by a single defect, providing them with powerful business context for prioritization and remediation.
- Unified defect impact management console is a rich web-based interface that allows developers to manage their C/C++, C# and Java defects in a single interface.
- Rich defect knowledge base gives developers detailed information on every defect discovered by Coverity, including plain language defect explanations and an assessment of the potential impact of the defect from both Coverity’s proprietary defect index and the industry standard Common Weakness Enumeration (CWE).
- Automatic severity filtering easily guides developers to high impact defects, cutting the guesswork out of triage prioritization.
Developer Productivity Enhancements:
- New state of the art code browser provides advanced defect drill-down capabilities, easy to use defect markers, shared views and in-line expansion into inter-procedural defect details.
- Advanced defect reporting provides developers and managers an easy way to track defects fixed, defect trends, the overall state of integrity across the entire product line and evidence for defect remediation for compliance reporting.
- Robust scalability enhancements enable more concurrent users and simultaneous analysis commits, all powered by an industrial strength relational database.
Coverity Integrity Center Module Enhancements:
- Coverity Static Analysis and Coverity Dynamic Analysis now share a powerful interface to enable customers to manage all of their defects in the same workflow.
- Coverity Architecture Analysis now has new call graph and class hierarchy visualization that makes it easier for developers to see the internal structure of their program for program understanding and maintenance.
- Coverity Build Analysis now has new build reports that show build processes and file inputs and outputs so build engineers know if any unauthorized files are being accessed or whether processes are being run that could compromise the security or behavior of the end product.
“The application development market is experiencing a new wave of innovation delivering new solutions to the complex challenges of software development,” said Theresa Lanowitz, founder of voke, inc. “Coverity’s introduction of defect impact mapping empowers organizations to intelligently assess the impact of change across their software portfolios.”
“Static analysis has emerged as a best practice for identifying software defects within many embedded markets,” said Chris Rommel, Analyst at VDC Research Group. “However, the ability to address detected issues while also mitigating any risk from software change within a company’s broader portfolio of products and code assets is becoming increasingly important to controlling the ultimate operational impacts of the software defects.”
“Managing impact from change has triggered billions in IT spending in operations and applications for years,” said Graham Titterington, Principal Analyst at Ovum. “Coverity’s plans to tackle this problem in development will certainly get the attention of line of business, product and IT executives as this is where many change problems are triggered.”
Coverity 5 will be generally available by the end of the first quarter of 2010. Coverity 5 is the new version of the entire Coverity software integrity product line.
Coverity 5 details will be featured in an upcoming live webinar. To register for the webinar or get more information, visit at http://www.coverity.com/coverity5.
Opinions expressed by DZone contributors are their own.