Coverity 8.7 boosts analysis for mobile, web apps

Article By : Synopsys

Coverity tool’s 8.7 version expands and enhances analysis via plugins with IDEs like Android Studio, Microsoft Visual Studio, IntelliJ and Eclipse.

Synopsys has released the 8.7 version of its Covertiy static analysis tool that features enhanced security analysis for mobile and web applications. Along with the recent acquisitions of Cigital and Codiscope, this latest version aims to provide enterprise-level security analysis and broad programming language support for today's application security demands, according to the company.

The 8.7 version expands and enhances its desktop analysis for mobile and web applications through plugins with popular IDEs including Android Studio, Microsoft Visual Studio, IntelliJ and Eclipse.

Developers can perform security analysis from their desktop environment as part of a secure software development lifecycle for Android mobile applications and JavaScript and Node.js web applications. They can also run quality analysis for other interpreted languages including PHP, Python and Ruby.

The Coverity 8.7 also includes major enhancements to the tool's security analysis for Android applications to detect the most critical vulnerabilities and weaknesses on the OWASP Top 10. Coverity 8.7 also provides improved security analysis to detect a wider range of vulnerabilities in JavaScript, Java and C# web applications, and includes support for the new ECMAScript 6 scripting language specification. The JavaScript security analysis in Coverity 8.7 can be customised to improve the accuracy of testing results and reduce false positives and negatives that are common pitfalls for application security testing programs.

"Mobile and web applications are used widely across organisations to conduct business and process sensitive information, so addressing critical security vulnerabilities before they cause disruption for employees or customers is essential," said Andreas Kuehlmann, senior vice president and general manager of Synopsys' Software Integrity Group.