Coverity 2018.12 adds analysis without build, covers more languages and frameworks, finds more vulnerabilities, and supports enterprise application security goals.
On behalf of the product team at Synopsys Software Integrity Group, I’m excited to announce the availability of the Coverity 2018.12 release, which significantly expands Coverity’s value in the domain of enterprise application security testing. Coverity 2018.12 enables enterprise IT teams to exercise control over software vulnerabilities, and therefore promotes a robust security posture in applications before they are deployed into production.
“Enterprise application security teams need to be able to assess their growing and increasingly diverse application inventories for vulnerabilities, while minimizing impact to their development velocity and business operations,” says Andreas Kuehlmann, co-general manager of the Synopsys Software Integrity Group. “The latest Coverity release enables security teams to do just that by extending our world-class static analysis technology to a wider range of applications and making it easier than ever to implement and scale across large application portfolios.”
The development, deployment, and securing of enterprise applications involves several key stakeholders, including development teams and the security team under the CISO. Each team has its own objectives and needs. Developers want a static analysis tool that accurately flags vulnerabilities and is integrated into their existing development workflow. The security team, on the other hand, needs a comprehensive view across the application portfolio to assess the organization’s risk profile and determine compliance. Coverity 2018.12 equips both stakeholders with the tools to analyze source code and generate comprehensive results across a broad range of programming languages and application frameworks.
Several exciting new capabilities significantly broaden Coverity’s range and versatility for analysis of enterprise web and mobile applications.
Analysis without build
Security teams need to assess the vulnerability picture across hundreds of applications and meet compliance requirements, which calls for a quick, easy way to scan application code for vulnerabilities. Analysis without build is exactly that: point to your source code projects or GitHub URLs and analyze. There is nothing to build, and therefore no build system integration is required. The tool parses the project files to automatically identify and download dependent packages before analyzing them, which means the analysis host needs access to the relevant package sources. Compared to previous versions, Coverity 2018.12 significantly lowers the barriers for enterprise security teams to assess and govern security across their application portfolio.
Expanded language and framework support
Many enterprises use a wide variety of languages across their development environments. Assessing the security picture across apps written in such diverse environments requires a static analysis tool with broad language support. To broaden its coverage of these environments, Coverity 2018.12 adds support for TypeScript, .NET Core, Swift 4.1, and Ruby on Rails.
Finding more vulnerabilities that matter
The real value in any static analysis product is in its ability to find exploitable vulnerabilities in code and to accurately distinguish them from nonissues and low-impact findings. Coverity’s analysis engine uses a variety of analysis techniques, some patented, each looking at the code in a different way to find the most actionable and critical security vulnerabilities.
Additionally, Coverity’s ability to understand and incorporate frameworks as a part of the analysis provides a deep, thorough assessment of the security risks that other SAST solutions may miss.
As described above, Coverity 2018.12 goes the extra mile to achieve an in-depth understanding of applications and their vulnerabilities.
Coverity 2018.12 supports enterprise application security goals
As weaknesses in the application layer continue to be exploited by attackers, enterprise security teams are adopting Coverity to find, prioritize, and remove critical vulnerabilities before they make it into the production environment.
Coverity 2018.12 helps enterprise security teams in three key ways:
- Usability. Analysis without build allows them to easily scan projects and quickly generate high-quality results.
- Broad language and framework support. Coverity can find vulnerabilities in most tech stacks used by modern development organizations.
- Comprehensive vulnerability analysis. Coverity can find more vulnerabilities in more places with its sophisticated and deep understanding of applications.
Taken together, these capabilities help enterprises make more informed decisions on maintaining and improving their application security posture.
This post was updated Jan. 15 to reflect information from the press release.
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Yatin Patil. Read the original post at: https://www.synopsys.com/blogs/software-security/enterprise-application-security-coverity-2018-12/