Coverity, the software integrity leader, today announced the new Coverity Software Integrity Report as part of the new Coverity 5.3 release, which highlights the findings of software code tested with Coverity® Static Analysis. This report is specifically designed to help development organizations, line of business managers, and business executives know what software defects they are shipping in their products. Specifically, the report will be released with new automated, component-level reporting that breaks down project visibility by team and by code source. This enables customers to understand defect risk and severity by third party suppliers, open source, and quality of code by internal team.

“Today’s software development supply chains are complex, making it difficult to get insight on the integrity of code supplied from globally distributed teams, third party providers, and open source packages,” said Ezi Boteach, VP of Products at Coverity. “We are providing the Coverity Software Integrity Report in direct response to strong customer demand for visibility into the integrity of software defect and triage status within their internal and external supply chains.”

The Coverity Software Integrity Report will provide customers with the following capabilities:

  • Automated risk categorization reveals what was discovered in the code test using Coverity Static Analysis, including:
      • Defect risk by software component, including defect density (number of defects per thousand lines of code), number of high risk defects by component, and number of medium risk defects by component, which highlights areas of the software that pose the greatest risk for failure.
      • Number of high risk defect types that leave the system the most vulnerable to a security breach or crash.
      • Number of medium risk defect types that developers generally prioritize due to risk of compromising product behavior.
      • Target number of defects required to achieve a Coverity integrity rating, computed using the defect density target and the size of the code base.
  • Triage status and user-assigned severity highlights what defect types have been addressed by development teams, including:
      • Number of defects by user-assigned severity category (major, moderate, minor), representing how developers have prioritized defect impact.
      • Defect severity by software component, indicating how developers have ranked and prioritized defect triage.
      • Number of defects that have been reviewed and their current status, indicating defects outstanding, dismissed as false positives, and fixed.
  • Automated integrity ratings based on total number of defects per thousand lines of code:
      • Provides an early indicator of overall code quality.
      • Enables an objective comparison of multiple code bases between internal development teams and external software suppliers.
      • Based on an assessment of the potential impact of defects, type of defects, defect density, correct use of Coverity products, and analysis accuracy.

Coverity 5.3 will also deliver the following capabilities for customers:

  • Component based management features that enable customers to:
      • Automatically assign defects to the developers responsible for specific code components, based on analysis run as part of nightly builds.
      • Prioritize and visualize the parts of the code base that have the highest defect density and need to be addressed first.

New and enhanced compiler and checker support:

  • Compilers: MSVS 2010, improved GCC compatibility, .NET 4.0 for C# support, Nintendo DS/Wii, Renesas RX compiler.
  • Android-specific checkers for Java: new checkers, options, and modeling of existing Java analyzers to flag Google Android-SDK specific issues. This allows Android development groups to find defects that lead to shortened battery life, usability problems, and performance slowdowns.
  • New checker – MIXED_ENUMS: mixing different enum types produces code that, when executed, results in unexpected application behavior. The MIXED_ENUMS checker catches such coding errors, which the compiler does not warn about and which are hard to spot during peer reviews.
  • IDE Plug-in Enhancements for Microsoft Visual Studio and Eclipse enabling flexible usage models aligned to the developer’s existing workflow.
  • Analysis performance improvements for Java: 30-40% improvement in analysis speed.
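To make the MIXED_ENUMS defect class concrete, the following C program is an added example constructed for this page (not Coverity's code or a checker implementation): it shows an audit decision that silently depends on an unrelated enum's numbering, next to a corrected version that maps between the two enum types explicitly. The enum names and the audit policy are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Two unrelated enums whose constants overlap numerically (constructed example). */
enum LogLevel { LOG_DEBUG = 0, LOG_INFO = 1, LOG_WARN = 2, LOG_ERROR = 3 };
enum Action   { ACT_DELETE = 0, ACT_WRITE = 1, ACT_READ = 2 };

/* Assumed policy: anything at WARN or above is written to the audit log. */
bool should_audit(enum LogLevel level) {
    return level >= LOG_WARN;
}

/* Defective caller: an Action is passed where a LogLevel is expected.
 * C treats both as integers, so this compiles without an error and, by
 * default, without a warning. ACT_DELETE (0) is read as LOG_DEBUG, so the
 * most destructive action is the one that is never audited. */
bool audit_for_action_buggy(enum Action act) {
    return should_audit(act);  /* mixed enum types: the MIXED_ENUMS class of defect */
}

/* Corrected: translate between the two enums explicitly, so the audit
 * decision no longer depends on how an unrelated enum happens to be numbered. */
enum LogLevel level_for_action(enum Action act) {
    switch (act) {
    case ACT_READ:   return LOG_DEBUG;
    case ACT_WRITE:  return LOG_INFO;
    case ACT_DELETE: return LOG_ERROR;
    }
    return LOG_ERROR;  /* unknown value: fail toward auditing */
}

bool audit_for_action_fixed(enum Action act) {
    return should_audit(level_for_action(act));
}

int main(void) {
    printf("buggy: delete audited=%d, read audited=%d\n",
           audit_for_action_buggy(ACT_DELETE), audit_for_action_buggy(ACT_READ));
    printf("fixed: delete audited=%d, read audited=%d\n",
           audit_for_action_fixed(ACT_DELETE), audit_for_action_fixed(ACT_READ));
    return 0;
}
```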

Coverity 5.3 will be generally available December 15, 2010. Companies interested in receiving their own Software Integrity Report can register here.