Coverity Static Application Security Testing (SAST)

Address security and quality defects in code as it is being developed

Accelerate development. Increase security & quality.

Coverity® static application security testing (SAST) helps you build software that’s more secure, higher-quality, and compliant with standards. Coverity’s speed, accuracy, ease of use, and scalability meet the needs of even the largest, most complex environments. Precise, actionable remediation advice and context-specific eLearning help your developers fix defects fast, while seamless integration into your CI/CD pipelines automates testing to maintain development velocity. Choose where and how to do your development: on-premises or in the cloud with Polaris Software Integrity Platform™.

We’re a Gartner Magic Quadrant Leader in application security testing—again.



Fix faster today and code better tomorrow

With the Code Sight™ IDE plugin, Coverity provides developers all the information they need to fix identified issues—detailed descriptions, categories, severities, CWE information, defect location, detailed remediation guidance, and dataflow traces—as well as issue triage and management features, within their IDE. In addition, Coverity provides context-specific eLearning lessons specific to CWEs identified in their code so they can fix it quickly today and avoid similar defects in the future.


Maintain speed without compromising accuracy

With Code Sight, developers get accurate analysis in seconds in the IDE as they code. High-fidelity incremental analysis runs automatically in the background and uses the same comprehensive Coverity analysis engine used for full central analysis, ensuring consistent, accurate results.

Automate Static Analysis in Your SDLC With Coverity


Comprehensive SAST at enterprise scale

Coverity easily supports thousands of projects and developers and millions of issues. Coverity is built on Polaris, an easy-to-use, highly scalable, cloud-based application security platform that seamlessly integrates with your existing development tools and provides comprehensive security analysis from developer to deployment. Polaris integrates Synopsys analysis engines, including Coverity static analysis and Black Duck® software composition analysis, and Synopsys Managed Services to provide organizations with a holistic view of their applications’ risk posture at different SDLC stages.


Simplify security risk and compliance analysis

With Coverity SAST you can get an aggregated risk profile of your entire application portfolio through built-in reports as well as APIs that allow you to pull results into your existing risk reporting solutions. Easily filter identified vulnerabilities by category, view trend reports, prioritize remediation of vulnerabilities based on criticality, and manage security policy compliance across teams and projects. The Coverity “analysis without build” feature enables security teams to identify security issues in software without building it. Simply specify the location of the project, and Coverity will automatically identify, download, and analyze all required dependencies.

Integrate and automate static analysis in your SDLC

Coverity integrates with popular IDEs, issue trackers, build and CI tools, source code management (SCM) tools, and application life cycle management (ALM) solutions. In addition, REST APIs allow you to initiate Coverity scans in virtually any build automation solution.


Comprehensive language and framework support

Coverity supports 21 languages and over 70 frameworks and template engines.


Coverity in action

Discover how our customers reduce risk, ensure application resiliency, and rapidly deliver new functionality to market with our SAST solutions.

Success Story


Bolsters its reputation with secure software

Success Story

Eagle Investment Systems

Ensures software quality and security

Success Story

Direct Edge

Accelerates time to market

More ways to analyze your code with Synopsys



SecureAssist® is a lightweight IDE-based static analysis tool that gives developers quick feedback on security vulnerabilities in Java, JavaScript, PHP, and .NET.

managed static application security testing (SAST)


Managed SAST is a cloud-based managed service that gives you on-demand access to remote teams of security experts who analyze your code for security defects using multiple tools and techniques, providing you with detailed reports and remediation guidance, quickly and economically.
