MOUNTAIN VIEW, Calif., July 11, 2016 — Synopsys, Inc. (Nasdaq:SNPS) announced the version 8.5 release of Coverity® , the company's industry-leading static analysis tool and one of the core components of its Software Integrity Platform. Coverity is an automated software testing tool that analyzes source code to detect critical security vulnerabilities and defects early in the software development life cycle.
Coverity and the other tools in Synopsys' Software Integrity Platform are used to facilitate “software signoff,” an integrated development and testing methodology that aims to ensure software quality and security. Pioneered by Synopsys to emulate the signoff concept used in integrated circuit (IC) design, software signoff involves a series of automated testing cycles at critical points throughout the software development life cycle and software supply chain.
The Coverity 8.5 release includes several important updates to enhance its security analysis and reporting capabilities and extend its utility to a broader audience, including organizations developing web and mobile applications and software systems for vehicles and other safety-critical systems.
Enterprise application security testing for web apps, mobile apps, and more
Coverity 8.5 strengthens Synopsys' offering to the enterprise market by adding analysis capabilities for Ruby and node.js, two increasingly popular programming languages used to develop web applications. The release also introduces foundational security analysis for Android mobile applications to address the growing concern around enterprise mobile security. In addition, this release enhances Coverity's security-focused analysis for several supported programming languages to detect a wider range of vulnerabilities, including the OWASP Top 10, CWE/SANS Top 25 and more.
Enabling safety and security in automotive software
Coverity 8.5 also strengthens Synopsys' offering for the automotive and other safety-critical industries by adding full coverage for MISRA C 2012, a widely adopted set of software development guidelines for facilitating code security and safety. This follows Synopsys' May announcement of Coverity’s ISO 26262 certification and further advances the company's efforts to address vehicle security and safety in the midst of emerging industry trends such as connected cars and autonomous driving.
For more information, please refer to the Coverity product brief for MISRA C 2012 compliance.
“Software vulnerabilities pose a serious threat to businesses across all industries, and whether you're developing web apps for personal banking or an embedded system for a car, addressing bugs early in the development lifecycle with automated tools like Coverity is critical,” said Andreas Kuehlmann, senior vice president and general manager of Synopsys' Software Integrity Group. “The Coverity 8.5 release increases the breadth and depth of the tool's analysis capabilities to better serve the needs of enterprise application security market, as well as safety-critical industries like automotive that are facing constantly evolving security threats.”
The latest release also brings enhanced integration and reporting features to Coverity users, including updates and support for the latest IDE (integrated development environment) releases, and the introduction of a new “Software Integrity Report,” a dashboard-level report that aggregates software issues detected by Coverity and other tools in the Software Integrity Platform, including the Defensics fuzz testing tool and Protecode Supply Chain software composition analysis tool.
To support its growing customer base and expand its software integrity business in Asia Pacific, Synopsys is now offering a localized version of Coverity 8.5 in simplified Chinese, including a localized user interface, reporting, IDE plugins and documentation.
About the Synopsys Software Integrity Platform
Through its Software Integrity Platform, Synopsys provides advanced solutions for improving software quality and security. This comprehensive platform of automated analysis and testing technologies integrates seamlessly into the software development process and enables organizations to detect and remediate quality defects, security vulnerabilities and compliance issues early in the software development life cycle, as well as to gain security assurance with and visibility into their software supply chain.
Learn more about Synopsys