Synopsys Launches New Coverity Release
January 16, 2019

Synopsys announced the availability of a new version of its Coverity static application security testing (SAST) solution, which enables organizations to build secure applications faster.

The latest release of Coverity addresses three increasingly important needs for enterprise application security teams: scalability, broad language and framework support, and comprehensive vulnerability analysis.

"While application vulnerabilities continue to be the most common vector for cyberattacks, organizations are expanding their application portfolios and relying heavily on software to perform critical business functions and deliver customer value," said Andreas Kuehlmann, Co-GM of the Synopsys Software Integrity Group. "This means enterprise application security teams need to be able to assess their growing and increasingly diverse application inventories for vulnerabilities, while minimizing impact to their development velocity and business operations. The latest Coverity release enables security teams to do just that by extending our world-class static analysis technology to a wider range of applications and making it easier than ever to implement and scale across large application portfolios."

Coverity enables enterprise organizations to scale their SAST efforts across large application portfolios. The latest Coverity solution now includes a feature called 'analysis without build' that allows security teams to onboard and analyze thousands of applications quickly and easily. Security teams can now simply point Coverity to a source code project and begin analyzing in seconds, without first having to do a full build operation for each application. Unlike other SAST solutions, Coverity automatically detects project types and fetches the dependencies that would normally be incorporated in the build process. Use of this new feature ensures comprehensive analysis and eliminates the need to manually declare dependencies.

The ecosystem of programming languages and frameworks used to build applications is expanding, and SAST tools need to understand how each one works in order to be effective. To address the needs of enterprise organizations with diverse application portfolios, Synopsys has significantly expanded Coverity's language and framework coverage. The latest Coverity release introduces support for TypeScript, .NET Core, Swift 4.1, and Ruby on Rails, as well as more than 50 different frameworks for Java, JavaScript, C#, including Angular, React, and Vue.

The Coverity analysis engine utilizes a variety of techniques to look at code in different ways and find the most actionable and critical security vulnerabilities. In response to the growing popularity of frameworks, the latest Coverity release includes dramatically improved framework analysis, which allows customers to more accurately detect client-side and back-end web services vulnerabilities. Coverity can also now analyze JavaScript framework templates, which are a popular means of client-side data binding. Coverity can now scan the HTML generated on the fly from such templates to find additional cross-site scripting vulnerabilities.

Share this

Industry News

February 06, 2023

Red Hat announced the availability of Red Hat Ansible Automation Platform on Google Cloud, providing a common and flexible IT automation solution that extends from the cloud, to the datacenter and out to the edge without additional complexity or required skills.

February 06, 2023

Cequence Security has enhanced the testing capabilities within its Unified API Protection Platform with the availability of API Security Testing.

February 06, 2023

Netlify has acquired Gatsby Inc.

February 02, 2023

Red Hat announced a multi-stage alliance to offer customers a greater choice of operating systems to run on Oracle Cloud Infrastructure (OCI).

February 02, 2023

Snow Software announced a new global partner program designed to enable partners to support customers as they face complex market challenges around managing cost and mitigating risk, while delivering value more efficiently and effectively with Snow.

February 02, 2023

Contrast Security announced the launch of its new partner program, the Security Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

February 01, 2023

Red Hat introduced new security and compliance capabilities for the Red Hat OpenShift enterprise Kubernetes platform.

February 01, 2023

Jetpack.io formally launched with Devbox Cloud, a managed service offering for Devbox.

February 01, 2023

Jellyfish launched Life Cycle Explorer, a new solution that identifies bottlenecks in the life cycle of engineering work to help teams adapt workflow processes and more effectively deliver value to customers.

January 31, 2023

Ably announced the Ably Terraform provider.

January 31, 2023

Checkmarx announced the immediate availability of Supply Chain Threat Intelligence, which delivers detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behavior and more.

January 31, 2023

Qualys announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP).

January 30, 2023

F5 announced the general availability of F5 NGINXaaS for Azure, an integrated solution co-developed by F5 and Microsoft that empowers enterprises to deliver secure, high-performance applications in the cloud.

January 30, 2023

Tenable announced Tenable Ventures, a corporate investment program.

January 26, 2023

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.