Coverity, Inc., the software integrity leader, today announced the release of Coverity Integrity Control. Coverity Integrity Control is a new solution for code governance that enables software development organizations to set policies for code quality and security, and then manage, monitor and report on these policies as code is tested. With Coverity Integrity Control, companies can automatically manage and enforce standard code testing policies across in-house development teams, outsourced development teams, and software provided by third party suppliers, gaining deep visibility into development risk across the software supply chain.
“The lack of governance over the software supply chain has put the revenue and reputations of Global 2000 brands at risk,” said Anthony Bettencourt, Coverity CEO. “Coverity Integrity Control is a new way to address this problem by enabling companies to govern and manage third party software against the same criteria as in-house development teams. Coverity extends both our market and technology leadership with this breakthrough new code governance product.”
Coverity Integrity Control is an integrated solution which leverages code testing results from Coverity Static Analysis, and offers advanced code governance features including:
• Policy Management: Set standard thresholds, SLAs and policies for code quality and security (such as defect density and number of defects by criticality, type or impact), as well as productivity and efficiency (such as time-to-fix defects and technical debt) across suppliers, outsourcers, open source, and in-house teams.
• Executive Heat Map Alerts & Code Control Panel: Gain insight into development risk across the software supply chain with a single view of code sources by supplier, component and development team. Monitor and identify suppliers, components or teams in violation of code governance policies via alerts that appear with any breach of integrity standards. Drill down into each policy to pinpoint the full context of the code problem, the specific policy in violation, and where it originated.
• Policy Breach Notification: Notify third party suppliers of code governance violations by automatically producing and sending a Coverity Software Integrity Report that summarizes the high risk defects that exist in their software and components.
• Third Party Supplier SLA Enforcement: Consistently measure suppliers against standard quality and security SLAs, and automatically audit for SLA violations on-demand. Suppliers can build policies aligned to established SLAs and self-certify their code upon delivery to their supply chain partners.
• Code Testing & Coverity Integrity Manager Integration: Set policies that evoke priorities for code testing with Coverity Static Analysis. Notify developers of quality or security policy violations within their existing workflow, prioritized by risk and impact, so they know what problems to fix first, and report on progress towards compliance with policies. Produce an updated risk profile with every code iteration and test.
“Defects in code directly contribute to product delays and recalls, impact customer satisfaction, and revenue loss. It is critical for the business to understand what development issues are slowing time to market or which software suppliers may be introducing quality and security risks into their products,” said Ezi Boteach, Coverity VP of Products. “Implementing a process for code governance enables better risk management and brings development into closer concert with overall business priorities.”
“Customer organizations not only need to own the overall supply chain but also are responsible for ensuring its quality,” said Dave West, Principal Analyst at Forrester Research Inc. in his August 3, 2010 blog post entitled “Observations On The Future Of ALM”. “That means, as writing code decreases, inspection, validation, and testing increase. The result is that traceability, workflow, and reporting are inclusive of customer code but also supplier code.”
“Working software is essential to the brand value and promise of modern organizations. Organizations must have visibility into the software assets of its global supply chain in order to properly manage business risk and protect the brand. Modern analysis solutions now extend into development to enable governance of complex development software supply chains,” said Theresa Lanowitz of Voke. “Coverity is executing on a strategy to fill the code governance gap by providing much needed visibility into development through a new type of ‘early warning system’ for code risk across the software supply chain.”
Software Code Governance
Software code governance is the process for development organizations to define and test standard software policies for quality, security and efficiency that are aligned to business priorities, as well as manage development risk across the software supply chain. Coverity Integrity Control is a software code governance solution that provides alerts to violations of software policies that can compromise customer satisfaction, time-to-market, or profitability.
Coverity Integrity Control is generally available.