Coverity 7.0 with C#, Java, C, C++ Algorithms, SonarQube, Eclipse, VS and Clang Compiler Support
Coverity has released development testing platform 7.0 with 21 new and enhanced C# analysis algorithms with which accuracy of defect detection in C# codebases can be improved in addition to fixes for resource leaks, concurrency issues and null references.
The new release also includes new coverage for Open Web Application Security Project (OWASP) and enhancements to keep track of security vulnerabilities in Java applications including 17 enhanced analysis algorithms for Java and C/C++ codebases which enables you to find out the issues associated with crashes, inaccurate calculations or unpredictable behaviour.
Coverity 7 provides support for SonarQube integration which enables developers to view and manage a wide range of defects in Java applications within a single workflow in addition to new security audit and compliance views within connect and policy manager.
The recent release integrates with Eclipse and Visual Studio in addition to unit test analysis support on devices that run on the Android and WindRiver platforms. Moreover, it also provides support for Clang compiler which is widely used in the development of Objective-C and C/C++.
InfoQ had a chat with Kristin Brennan, Senior Director of Product Marketing, Coverity to know more about the latest release
InfoQ: How is Coverity different from the testing tool available with Visual Studio 2013?
The Coverity platform is complementary to the testing tool available in Visual Studio 2013 (formerly known as FxCop), as they look for different things. Back in the early days of the .NET framework, a set of guidelines was written to help enable consistent, standardized formats across all offerings in a particular library, e.g. what to name all of the members of a particular class; what name spaces should look like; what relationships between different kinds of classes should look like. The Visual Studio tool looks for places where those rules have been violated and brings them to your attention. And as the Visual Studio tool has evolved, it has also started looking for other problems in the code itself by analyzing the byte code. However, the issues found through byte code analysis tend to be shallow problems across a very broad set of possible defects.
The Coverity platform, by contrast, is a much deeper analysis of a narrower set of features. So whereas the Visual Studio tool analyzes byte code and is designed for code consistency, the Coverity solution analyzes source code and is designed to find critical, high-impact bugs -- such as null references, resource issues and threading issues.
InfoQ: Can you share with us the purpose of Coverity?
Coverity was founded with the mission of helping development organizations create and deliver better software, faster. The Coverity Development Testing Platform provides a static analysis solution that enables developers to quickly and efficiently test their code and address critical quality and security issues as it is written. This in turn transforms software development into a competitive advantage by enabling organizations to deliver high-quality, secure software to customers, faster.
InfoQ: What benefit does Coverity provide for developers?
The Coverity platform enables developers to create better software, faster, by enabling them to test their code and address high-impact quality and security issues as they write it.
InfoQ: What kind of apps can be tested using Coverity?
Any kind of application based on C/C++, Java and/or C# can be tested using the Coverity platform.
InfoQ: Does Coverity provide support for iOS, Android and Windows Phone 8?
The Coverity platform provides support for C/C++ code for iOS, as well as Android and Windows mobile devices.
Brandon Holt, Preston Briggs, Luis Ceze, Mark Oskin May 21, 2015
Kai Kreuzer, Olaf Weinmann May 21, 2015