Synopsys Releases Coverity 8.5 Static Analysis Tool

MOUNTAIN VIEW, Calif., July 11, 2016 /PRNewswire/ —

Highlights:

Introduces Coverity static analysis capabilities for Ruby and node.js web applications, as well as Android mobile applications
Expands Coverity security analysis to mitigate a wider range of security vulnerabilities
Adds full support for MISRA C 2012 coding guidelines used in automotive, medical device and other safety-critical industries
Enhances development lifecycle integration and reporting, including consolidated reporting functionality across several tools in the Software Integrity Platform
Adds localization in simplified Chinese to Coverity user interface and documentation

Synopsys, Inc. (Nasdaq:SNPS) today announced the version 8.5 release of Coverity^®, the company’s industry-leading static analysis tool and one of the core components of its Software Integrity Platform. Coverity is an automated software testing tool that analyzes source code to detect critical security vulnerabilities and defects early in the software development lifecycle.

Coverity and the other tools in Synopsys’ Software Integrity Platform are used to facilitate “software signoff,” an integrated development and testing methodology that aims to ensure software quality and security. Pioneered by Synopsys to emulate the signoff concept used in integrated circuit (IC) design, software signoff involves a series of automated testing cycles at critical points throughout the software development lifecycle and software supply chain.

The Coverity 8.5 release includes several important updates to enhance its security analysis and reporting capabilities and extend its utility to a broader audience, including organizations developing web and mobile applications and software systems for vehicles and other safety-critical systems.

Enterprise Application Security Testing for Web Apps, Mobile Apps and More

Coverity 8.5 strengthens Synopsys’ offering to the enterprise market by adding analysis capabilities for Ruby and node.js, two increasingly popular programming languages used to develop web applications. The release also introduces foundational security analysis for Android mobile applications to address the growing concern around enterprise mobile security. In addition, this release enhances Coverity’s security-focused analysis for several supported programming languages to detect a wider range of vulnerabilities, including the OWASP Top 10, CWE/SANS Top 25 and more.

Enabling Safety and Security in Automotive Software

Coverity 8.5 also strengthens Synopsys’ offering for the automotive and other safety-critical industries by adding full coverage for MISRA C 2012, a widely adopted set of software development guidelines for facilitating code security and safety. This follows Synopsys’ May announcement ofCoverity’s ISO 26262 certification and further advances the company’s efforts to address vehicle security and safety in the midst of emerging industry trends such as connected cars and autonomous driving.

For more information, please refer to the Coverity product brief for MISRA C 2012 compliance.

“Software vulnerabilities pose a serious threat to businesses across all industries, and whether you’re developing web apps for personal banking or an embedded system for a car, addressing bugs early in the development lifecycle with automated tools like Coverity is critical,” said Andreas Kuehlmann, senior vice president and general manager of Synopsys’ Software Integrity Group. “The Coverity 8.5 release increases the breadth and depth of the tool’s analysis capabilities to better serve the needs of enterprise application security market, as well as safety-critical industries like automotive that are facing constantly evolving security threats.”

The latest release also brings enhanced integration and reporting features to Coverity users, including updates and support for the latest IDE (integrated development environment) releases, and the introduction of a new “Software Integrity Report,” a dashboard-level report that aggregates software issues detected by Coverity and other tools in the Software Integrity Platform, including the Defensics^® fuzz testing tool and Protecode^™Supply Chain software composition analysis tool.

To support its growing customer base and expand its software integrity business in Asia Pacific, Synopsys is now offering a localized version of Coverity 8.5 in simplified Chinese, including a localized user interface, reporting, IDE plugins and documentation.

About the Synopsys Software Integrity Platform

Through its Software Integrity Platform, Synopsys provides advanced solutions for improving software quality and security. This comprehensive platform of automated analysis and testing technologies integrates seamlessly into the software development process and enables organizations to detect and remediate quality defects, security vulnerabilities and compliance issues early in the software development lifecycle, as well as to gain security assurance with and visibility into their software supply chain.

About Synopsys

Synopsys, Inc. (Nasdaq:SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As the world’s 15^th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software quality and security solutions. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest quality and security, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.