Design

Version 8.5 increases static analysis tool's capabilities

12th July 2016
Nat Bowers
0

Synopsys has announced the version 8.5 release of Coverity, the company's industry-leading static analysis tool and one of the core components of its Software Integrity Platform. Coverity is an automated software testing tool that analyses source code to detect critical security vulnerabilities and defects early in the software development lifecycle.

Coverity and the other tools in Synopsys' Software Integrity Platform are used to facilitate "software signoff," an integrated development and testing methodology that aims to ensure software quality and security. Pioneered by Synopsys to emulate the signoff concept used in IC design, software signoff involves a series of automated testing cycles at critical points throughout the software development lifecycle and software supply chain.

The Coverity 8.5 release includes several important updates to enhance its security analysis and reporting capabilities and extend its utility to a broader audience, including organisations developing web and mobile applications and software systems for vehicles and other safety-critical systems.

Enterprise application security testing for web apps, mobile apps and more

Coverity 8.5 strengthens Synopsys' offering to the enterprise market by adding analysis capabilities for Ruby and node.js, two increasingly popular programming languages used to develop web applications. The release also introduces foundational security analysis for Android mobile applications to address the growing concern around enterprise mobile security. In addition, this release enhances Coverity's security-focused analysis for several supported programming languages to detect a wider range of vulnerabilities, including the OWASP Top 10, CWE/SANS Top 25 and more.

Enabling safety and security in automotive software

Coverity 8.5 also strengthens Synopsys' offering for the automotive and other safety-critical industries by adding full coverage for MISRA C 2012, a widely adopted set of software development guidelines for facilitating code security and safety. This follows Synopsys' May announcement of Coverity's ISO 26262 certification and further advances the company's efforts to address vehicle security and safety in the midst of emerging industry trends such as connected cars and autonomous driving.

Andreas Kuehlmann, Senior Vice President and General Manager, Software Integrity Group, Synopsys, commented: "Software vulnerabilities pose a serious threat to businesses across all industries, and whether you're developing web apps for personal banking or an embedded system for a car, addressing bugs early in the development lifecycle with automated tools like Coverity is critical. The Coverity 8.5 release increases the breadth and depth of the tool's analysis capabilities to better serve the needs of enterprise application security market, as well as safety-critical industries like automotive that are facing constantly evolving security threats."

The latest release also brings enhanced integration and reporting features to Coverity users, including updates and support for the latest IDE releases, and the introduction of a new Software Integrity Report, a dashboard-level report that aggregates software issues detected by Coverity and other tools in the Software Integrity Platform, including the Defensics fuzz testing tool and Protecode Supply Chain software composition analysis tool.

To support its growing customer base and expand its software integrity business in Asia Pacific, Synopsys is now offering a localised version of Coverity 8.5 in simplified Chinese, including a localised user interface, reporting, IDE plugins and documentation.

Featured products

Upcoming Events

View all events
Newsletter
Latest global electronics news
© Copyright 2024 Electronic Specifier