Application Security

1/31/2018
12:16 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Synopsys Expands Coverity Support for New Programming Languages, Secure Coding Standards, and DevOps Toolchain Integrations

MOUNTAIN VIEW, Calif., Jan. 30, 2018 /PRNewswire/ -- Synopsys, Inc. (Nasdaq:  SNPS) today announced its Coverity® 2018.01 release, the newest version of its industry-leading static analysis tool, which analyzes source code to detect critical quality and security defects early in the software development life cycle. Coverity 2018.01 extends the tool's support for new programming languages, coding standards, and development tool integrations.

Coverity 2018.01 highlights:

  • Introduces support for Scala and VB.NET
  • Provides full support for SEI CERT C coding standard rules (2016 edition)
  • Includes enhanced plugins for Jenkins continuous integration (CI) server to enable automated testing in DevOps environments

"Secure, high quality software is becoming increasingly an imperative for business success and the well-being of end users in the face of the growing threat landscape," said Andreas Kuehlmann, general manager of the Synopsys Software Integrity Group. "In parallel, the pace and process by which software is developed are changing dramatically. For this reason, the tools used to find defects and potential security vulnerabilities throughout the development life cycle need to evolve as well. By supporting new programming languages, secure coding standards, and out-of-the-box integrations with modern development tools, Synopsys enables organizations to expand their software portfolios and embrace new development paradigms like DevOps with the assurance that their code is high quality and secure."

Coverity has been recognized as a leading application security testing solution by GartnerForrester, IDC, and VDC, and is a core component of the Synopsys Software Integrity Platform. The new enhancements and features of Coverity 2018.01 include these:

 

  • Expanded language coverage: Coverity enables organizations to proactively build security and quality into their applications, even as they broaden their software portfolios and embrace new languages, frameworks, and technologies such as mobile and microservices. With each release, Synopsys continues to expand Coverity's support for new programming languages while strengthening its security analysis for existing languages. Coverity 2018.01 adds support for two new languages: Scala, commonly used in microservices-based application development, and VB.NET. The latest Coverity release also provides enhanced security analysis for Swift, PHP, Python, JavaScript, Java, C#, and Node.js. With these additions, Coverity supports the key programming languages used to build embedded and enterprise software.
  • Support for secure coding standards: Coverity enables organizations to comply with coding standards that promote the security, reliability, and safety of critical embedded software. With the latest 2018.01 release, Coverity fully supports SEI CERT C (2016 edition), an industry standard for secure coding. In addition to CERT C, Coverity also supports all versions of the MISRA coding standard and is ISO 26262 certified.
  • Integration with modern development toolchains: Coverity is designed to support rapid and automated development workflows, with support for and integration with many of the popular development tools. Coverity 2018.01 provides plugins for the latest IDEs, including Visual Studio, Eclipse, IntelliJ, Android Studio, and many others. For streamlined security testing, the latest release also supports out-of-the-box integration with Jenkins continuous integration (CI) server. Coverity's new Jenkins plugin has improved Jenkins Pipeline support, which enables retrieval of found issues by project and has enhanced data-filtering capabilities.

 

Learn more about Coverity Static Analysis.

 

About the Synopsys Software Integrity Platform

Synopsys offers the most comprehensive solution for building integrity—security and quality—into the software development life cycle and supply chain. The Software Integrity Platform unites leading testing technologies, automated analysis, and experts to create a robust portfolio of products and services. This portfolio enables companies to develop personalized programs for detecting and remediating defects and vulnerabilities early in the development process, minimizing risk and maximizing productivity. Synopsys, a recognized leader in application security testing (AST), is uniquely positioned to adapt and apply best practices to new technologies and trends such as IoT, DevOps, CI/CD, and the Cloud. For more information, go to www.synopsys.com/software.

 

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software partner for innovative companies developing the electronic products and software applications we rely on every day. As the world's 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you're a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16470
PUBLISHED: 2018-11-13
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
CVE-2018-16471
PUBLISHED: 2018-11-13
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to a...
CVE-2018-6980
PUBLISHED: 2018-11-13
VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Successful exploitation of this issue may allow Admin users with view only permission to perform certain administrative functions which they...
CVE-2018-17614
PUBLISHED: 2018-11-13
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from th...
CVE-2018-8009
PUBLISHED: 2018-11-13
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.