configurationjqueryfind

|synopsys.
com|1CoverityStaticAnalysisQuicklyfindandfixcriticalsecurityandqualityissuesasyoucodeOverviewCoveritygivesyouthespeed,easeofuse,accuracy,industrystandardscompliance,andscalabilitythatyouneedtodevelophigh-quality,secureapplications.
Coverityidentifiescriticalsoftwarequalitydefectsandsecurityvulnerabilitiesincodeasit'swritten,earlyinthedevelopmentprocess,whenit'sleastcostlyandeasiesttofix.
Preciseactionableremediationadviceandcontext-specificeLearninghelpyourdevelopersunderstandhowtofixtheirprioritizedissuesquickly,withouthavingtobecomesecurityexperts.
CoverityseamlesslyintegratesautomatedsecuritytestingintoyourCI/CDpipelinesandsupportsyourexistingdevelopmenttoolsandworkflows.
Choosewhereandhowtodoyourdevelopment:on-premisesorinthecloudwiththePolarisSoftwareIntegrityPlatform(SaaS),ahighlyscalable,cloud-basedapplicationsecurityplatform.
Coveritysupports21languagesandover70frameworksandtemplates.
KeyfeaturesFastandaccurateanalysisWiththeCodeSightintegrateddevelopmentenvironment(IDE)plugin,developersgetaccurateanalysisinsecondsintheirIDEastheycode.
High-fidelityincrementalanalysisrunsautomaticallyinthebackgroundandusesthesamecomprehensiveCoverityanalysisengineusedforfullcentralanalysis,ensuringconsistent,accurateresults.
Coverityprovidesdevelopersalltheinformationtheyneedtounderstandhowtofixidentifiedissues—detaileddescriptions,categories,severities,CWEinformation,defectlocation,detailedremediationguidance,anddataflowtraces—aswellasissuetriageandmanagementfeatures,withintheirIDE.
Coverity's"analysiswithoutbuild"featureenablessecurityteamstoindependentlyassesssecurityissuesinsoftwarewithoutbuildingit.
Simplyspecifythelocationoftheproject,andCoveritywillautomaticallyidentify,download,andanalyzeallrequireddependencies.
ComprehensivereportingandcompliancevisibilityPolarisintegratesSynopsysanalysisengines,includingCoveritystaticanalysisandBlackDucksoftwarecompositionanalysis,andSynopsysManagedServicestoprovideorganizationswithaholisticviewoftheirapplications'riskpostureatdifferentsoftwaredevelopmentlifecycle(SDLC)stages.
Securityteamscangetacentralizedaggregatedriskprofileoftheirentireapplicationportfolio.
APIsenableimportingresultsintootherriskreportingtools.
Youcanfilteridentifiedvulnerabilitiesbycategory,viewtrendreports,prioritizeremediationofvulnerabilitiesbasedoncriticality,andmanagesecuritypolicycompliance(e.
g.
,OWASPTop10,CWETop25,andPCIDSS)acrossteamsandprojects.
"Issuesovertime"reportsshowseveritylevelsoverdifferenttimeframesandgiveyouimmediateinformationaboutthesecuritypostureofyourprojects.
PDFreportdownloadsallowauditorstomaintaindetailedcompliancerecords.
|synopsys.
com|2Inaddition,Coverityprovidesbest-in-classidentificationofcodequalityissuesforC/C++andthemostcomprehensivecoverageofstandardsrelatedtosafety,security,andreliability(e.
g.
,MISRA,CERTC/C++,CERTJava,DISASTIG,ISO26262,ISO/IECTS17961,andAUTOSAR),aswellasqualityissuesdescribedinNvidia'sCUDAC++guidelines.
EnterprisescalabilityandagilityWithCoverityonPolaris,organizationsdon'tneedtoinstallandmaintaincostlyon-premisesequipmentbutcanelasticallyscaletheirapplicationsecuritytestingtomeettheirgrowingbusinessneeds.
PolarissetupisassimpleasloggingintoaURL,thendownloadingandinstallingthecommandlineinterface(CLI)orrunningitthroughyourCIworkflowstostartanalysisofyoursourcecode.
SincetheCoverityanalysisenginesrunonahighlyavailablecloudplatform,CoverityonPolariscaneasilyscaletoaccommodatethousandsofdevelopersandprojectsandhandlemillionsofissueswithhighperformanceanduptime.
TheCodeSightpluginrequireszeroconfigurationandcanbedownloadedfromthemarketplacewebsitesforVisualStudio,Eclipse,IntelliJ,WebStorm,PyCharm,PhpStorm,andRubyMine.
SoftwaredevelopmentlifecycleintegrationsCoverityhasnativeintegrationsforIDEs(e.
g.
,VisualStudio,Eclipse,IntelliJ,RubyMine,WindRiverWorkbench,andAndroidStudio),sourcecodemanagement(SCM)solutions,issuetrackers(e.
g.
,JiraandBugzilla),CIbuildtools(e.
g.
,JenkinsandAzureDevOps),andapplicationlifecyclemanagement(ALM)solutions.
RESTAPIsareavailabletosupportotherbuildautomationsolutionsaswellasimportinganalysisresultsintootherenterpriseorcustomtools.
CoverityonPolarisprovidesadditionalpluginsandintegrationsforautomatedcloud-basedsecuritytestingduringdevelopmentandpre-deploymentstages.
RESTAPIsareavailableforimportinganalysisresultsintosecurityandriskreportingtools.
RefertothePolarisdatasheetforadditionalinformation.
ComprehensiveissuemanagementdashboardsInadditiontoCodeSightforlocalIDE-baseddevelopment,theCoverityonPolarisweb-basedunifiedplatforminterfacealsohelpsdevelopersfixidentifiedissuesandprovidesdetaileddescriptions,categories,severities,CWEinformation,defectlocation,detailedremediationguidance,anddataflowtraces,aswellascentralizedissuetriageanddetailedissuehistorylogs.
Developmentmanagersareabletocreate"issuesovertime"trendlinechartsshowingoverallsecurityriskandcompliancetoindustrystandards(e.
g.
,OWASPTop10andCWETop25)andhowindividualdevelopersorentireprojectteamsaredoinginclearingtheirprioritizedissues.
YoucaneasilyviewreportingdashboardsofIndustryRecognizedPriorityLists,Top5IssuesTypes,andTechnicalRiskIndicatorssothatyoucanfocusonissuesthatmattermosttoyourorganizationandprioritizethem.
PredefinedfiltersallowyoutofilterandgroupissuesbyCWE,standardstaxonomy,prioritylist,riskindicator,path,andindividualdeveloperowners.
ExpandedstandardscomplianceandvulnerabilitydetectionCoverityExtendisaneasy-to-usesoftwaredevelopmentkit(SDK)thatallowsdeveloperstodetectuniquedefecttypes.
TheSDKisaframeworkforwritingprogramanalyzers,orcheckers,toidentifycustomordomain-specificdefects.
CoverityCodeXMisadomain-specificfunctionalprogramminglanguagethatenablesdeveloperstodeveloptheirowncustomcheckerseasily.
Thesecustomizedcheckerssupportcompliancewithcorporatesecurityrequirementsandindustrystandardsorguidelines.
BenefitsGetimprovedvisibilityintosecurityrisk.
Cross-productreportingprovidesaholistic,morecompleteviewofaproject'sriskusingbest-in-classSASTandSCAtoolsandSynopsysManagedServices.
Deploymentflexibility.
YoudecidewhichsetofprojectstodoAppSectestingfor:on-premisesorinthecloud.
Shiftsecuritytestingleft.
Developersgethigh-fidelityincrementalanalysisresultsinsecondsastheycode,sotheycanfixanyissuespriortothebuild-testphase.
Supportdevelopers.
Enableyourteamstofixsoftwaredefectsquickly,easily,andcorrectlybysupplyingallthecontext,details,andadvicetheyneedtounderstandhowtofixissues.
Context-specificeLearning(availabletoeLearningcustomers)specifictoCWEsidentifiedindevelopers'owncodeprovidesimmediatesecuritytrainingwhentheyneedit.
Developersdon'tneedtobesecurityexperts.
|synopsys.
com|3SupportedlanguagesandplatformsC/C++C#CUDAJavaJavaScriptJavaAndroidSDKApacheShiroAxisDWREnterpriseJavaBeans(EJBs)GWTHibernateiBatisJavaFrameworksJavaPersistenceAPI(JPA)Javax.
websocketJAXRSJAXWSJEEJSF/FaceletsJSPandJSPStandardTagLibrary(JSTL)ReactiveX(RxJava,Reactor)RestletSpringBootSpringFrameworkStrutsTerasolunaTilesVert.
xWSXML-RPCC#ASP.
NETCoreMVC/ASP.
NETMVCASP.
NETCoreWebAPIASP.
NETASMXWebServicesASP.
NETWebFormsIdentityServerMassTransitRazortemplatesWCFServicesCoverityStaticAnalysis|TechnicalSpecificationPHPPython.
NETCoreASP.
NETObjective-CGoJSPRubyJavaScript/TypeScriptClient-sideAngularAngularJSApacheCordovaBackboneBootstrapEmberHTML5DOMAPIs/AjaxjQueryMithrilReact/PreactSocket.
IOSwigVueServer-sideAngularserver-siderendering(ExpressandHapiengines)ExpressFastifyHapiKoaMean.
ioNodePassportReactserver-siderendering(Next.
js)RestifySAPXSClassicandAdvancedSocket.
IOVueserver-siderenderingTemplateenginesConsolidatedoT.
jsEJSHandlebarsHoganSwiftFortranScalaVB.
NETiOSAndroidTypeScriptKotlinJadekoa-viewsLodash(templating)MarkoMustacheNunjucksPugSwigTwigUnderscore(templating)VisionMajorlibrariesAxiosGoogleCloudAPIs(Storage)Mongoose/MongoDBRequestSequelizeSqlxSwashbuckleUnderscore/LodashGOEchoPHPSymfonyPythonFlaskDjangoRubyRubyonRailsSupportedplatformsWindowsLinuxMacOSXSolarisSupportedframeworksCoveritysupportsover70differentframeworksforJava,JavaScript,C#,andotherlanguages.
CoverityalsosupportssecuritymodelingofmajorcloudproviderAPIframeworksforcloud-nativeJavaScriptappsthatinteractwithAWSservices(EC2,S3,DynamoDB,IAM)andGoogleCloudStorageAPIs(GCP).
|synopsys.
com|4AIXNetBSDFreeBSDSDLCnativeintegrationsSCMAccuRevApacheSubversion(SVN)CVSGitMercurial(Hg)PerforceHelixTeamFoundationServerSCMLegacyIDEsIBMRationalTeamConcertQNXMomenticsWindRiverWorkbenchCIbuildservers*JenkinsAzureDevOpsServerCodeSightsupportedIDEsVisualStudioforVB.
NET,C#,C/C++,JavaScript,PHP,Python,Ruby,TypeScriptVisualStudioCodeforC#(.
NETCore),C/C++,Java,JavaScript,PHP,Python,Ruby,TypeScriptEclipseforJava,JavaScript,C/C++,PHP,Python,Ruby,TypeScriptIntelliJforJava,JavaScript,PHP,Python,Ruby,TypeScriptWebStormforJavaScript,TypeScriptPyCharmforPythonPhpStormforPHPRubyMineforRubyIssuetrackingJiraBugzillaSupportedcompilersAnalogDevicesBlackfinAnalogDevicesSHARCAnalogDevicesTigerSHARCARMC/C++BorlandC++CEVA-XC4500ClangCosmicCFreescaleCodeWarriorGNUGCC/G++GreenHillsC/C++/EC++HI-TECHPICCIARC/C++IBMAIXIBMXLCIntelC++JDKforMacOSXKeilcompilersMarvellMSAMPLABXC8NvidiaCUDACompiler(NVCC)OpenJDKQNXC/C++RenesasC/C++SNCC/C++SNCGNUC/C++SONYPS4SDKSTMicroelectronicsGNUC/C++STMicroelectronicsSTMicroC/C++Sun(Oracle)CCSun/OracleJDKSynopsysMetaWareCandC++TaskingforARMCortexandTriCoreTICodeComposerVisualStudioWindRiverC/C++(Thislistisnotexclusive)CriticalchecksAPIusageerrorsBestpracticecodingerrorsBufferoverflowsBuildsystemissuesClasshierarchyinconsistenciesCodemaintainabilityissuesConcurrentdataaccessviolationsControlflowissuesCross-siterequestforgery(CSRF)Cross-sitescripting(XSS)DeadlocksErrorhandlingissuesHard-codedcredentialsIncorrectexpressionInsecuredatahandlingIntegerhandlingissuesIntegeroverflowsMemory—corruptionsMemory—illegalaccessesNullpointerdereferencesPathmanipulationPerformanceinefficienciesProgramhangsRaceconditionsResourceleaksRuleviolationsSecuritybestpracticesviolationsSecuritymisconfigurationsSQLinjectionUninitializedmembersTheSynopsysdifferenceSynopsyshelpsdevelopmentteamsbuildsecure,high-qualitysoftware,minimizingriskswhilemaximizingspeedandproductivity.
Synopsys,arecognizedleaderinapplicationsecurity,providesstaticanalysis,softwarecompositionanalysis,anddynamicanalysissolutionsthatenableteamstoquicklyfindandfixvulnerabilitiesanddefectsinproprietarycode,opensourcecomponents,andapplicationbehavior.
FormoreinformationabouttheSynopsysSoftwareIntegrityGroup,visitusonlineatwww.
synopsys.
com/software.
Synopsys,Inc.
185BerryStreet,Suite6500SanFrancisco,CA94107USAU.
S.
Sales:800.
873.
8193InternationalSales:+1415.
321.
5237Email:sig-info@synopsys.
com2021Synopsys,Inc.
Allrightsreserved.
SynopsysisatrademarkofSynopsys,Inc.
intheUnitedStatesandothercountries.
AlistofSynopsystrademarksisavailableatwww.
synopsys.
com/copyright.
html.
Allothernamesmentionedhereinaretrademarksorregisteredtrademarksoftheirrespectiveowners.
March2021.
*ForadditionalCoverityonPolarisCIbuildserverandotherpluginintegrations,seethePolarisdatasheet.
ForthelatestCodeSightandsupportedIDEversionnumbers,seehttps://dev.
sig-docs.
synopsys.
com/codesight/topics/support_matrix/r_code_sight_support_matrix.
htmlThisdatasheetappliestoCoverity2021.
03andlaterreleases.