Coverity Adds GitHub, Travis CI Integrations, Updates Testing Platform

By Darryl K. Taft  |  Posted 2014-02-03


Coverity, a provider of software development testing solutions, announced two new integrations to help open-source software developers.

The company announced two integrations for Coverity Scan, its cloud-based, open-source static analysis service. The new integrations will provide open-source software developers who are using GitHub and Travis CI with easier access to the Coverity Scan service, enabling them to create higher-quality, more secure code.

The Coverity Scan service provides Coverity's development testing technology at no cost to the open-source community. The service is used by many of the industry's largest open-source projects, such as Linux, Apache and Python, which have their own development infrastructure. Yet, with the introduction of these new integrations, the Coverity Scan service is accessible to open-source projects that do not have their own infrastructure, and instead rely on GitHub and Travis CI for their source control management and continuous integration needs.

GitHub is a popular, Web-based software hosting service, which has more than 4 million users who collaborate across more than 10 million repositories. Travis CI is also based in the cloud, providing a continuous software integration service to developers and currently running more than 4.2 million test builds on more than 41,000 open-source projects.

With these new integrations for the Coverity Scan service, which has scanned more than 1,200 open-source projects and found and fixed more than 51,000 defects in 2013 alone, developers will be able to use their cloud-based platforms to write their code, build their applications and find and fix high-impact defects before releasing their software.

"GitHub and Travis CI are two of the most commonly used cloud-based development resources for the open-source community and with these new integrations, developers will be able to view defects in their projects with just a few clicks of a button," Zack Samocha, senior director of products for Coverity, said in a statement. "Coverity is committed to helping developers write better code faster. By offering these new integrations, we will be able to help the open-source community find and fix high-impact quality and security defects in their projects, faster and more efficiently."

Meanwhile, at the end of January, Coverity announced that developers could use the Coverity Development Testing Platform via a free, cloud-based trial. Through this new trial, developers can upload Java, C# and C/C++ source code to Coverity's secure cloud-testing platform. Once code has been uploaded, the Coverity platform analyzes the code and highlights high-impact defects, such as resource leaks, memory corruptions and security vulnerabilities.

"This cloud-based trial removes any barriers of entry for developers interested in test-driving our platform and backs Coverity's commitment to helping more developers write bug-free, secure software code," said Anthony Bettencourt, chairman and CEO of Coverity.

The Coverity Development Testing Platform enables developers to build quality and security testing into the development process at the earliest stage. For more information on the cloud trial, go here.

Also, earlier in January, Coverity released the Coverity Development Testing Platform 7.0, the latest version of its software testing platform.

Coverity Development Testing Platform 7.0 combines code analysis, change-aware unit test analysis and policy management across C/C++, Java and C#, three of the most widely adopted programming languages for enterprise IT application development.



"As software continues to drive innovation and competitive advantage, organizations must integrate testing earlier in the development process to help ensure high quality and the security of their source code," Melinda Ballou, program director for IDC's Application Lifecycle Management and Executive Strategies service, said in a statement. "And with increasing deployment complexity across mobile, cloud and social platforms and pressure for quick release cycles, it's more important than ever that teams have visibility into risk and use that intelligence to focus and prioritize their testing efforts. Features such as those offered by Coverity 7, including expanded Java and C# testing capabilities and broad programming language support, can help development teams release better quality software faster and more efficiently."

New features in the Coverity platform include 21 new and enhanced C# analysis algorithms as well as new and expanded coverage for the Open Web Application Security Project (OWASP) Top 10 and Common Weakness Enumerations (CWE) security vulnerabilities in Java applications. It also features 17 new and enhanced analysis algorithms for Java and C/C++ codebases, making it easier to find critical issues that could lead to crashes, inaccurate calculations or unpredictable behavior.

In addition, new security audit and compliance views and reports within Coverity Connect and Coverity Policy Manager make it easy to zoom into security issues identified, fixed and outstanding, as well as report on compliance with regulations and standards such as the Payment Card Industry Data Security Standard (PCI DSS) and the OWASP Top 10.

The new release also features new Coverity Test Advisor integrations with the Eclipse and Microsoft Visual Studio integrated development environments (IDEs) to provide developers with intelligence into which unit tests they need to write and run based on the impact of a code change, right from the developer's desktop. In addition, Coverity Test Advisor has expanded support for unit test analysis on devices that run on the Android and Wind River platforms.

Moreover, the Coverity platform 7.0 enables developers to import defects into SonarQube, a popular open-source quality management platform used in Java development, to view and manage a broader range of defects in Java applications within a single workflow. And the Coverity platform now supports the Clang compiler, which is rapidly growing in popularity for mobile and Web application development, and is commonly used in Objective-C and C/C++ software development.

"The risks associated with poor software quality and security have never been greater, and the need for development testing in this world of Agile and continuous software delivery is business-critical to reducing this risk," Bettencourt said. "Our mission is to empower the 11 million professional software developers in the world to create better software, and deliver more value to customers, every day. We applaud the more than 1,100 Coverity customers and 1,000 open-source projects that rely on our platform to help them deliver innovative products to the market, faster for competitive advantage."

"When Eric Lippert joined Coverity last year, it was a win for the entire C# development community," said Andreas Kuehlmann, senior vice president of research and development for Coverity. "Eric has been able to apply his deep expertise of C# built over his 16-year tenure at Microsoft, part of which was as a principal developer of the C# compiler, to our existing strength and innovations in static analysis technology."

