Understanding Coverity

Note: This platform has been renamed Coverity on Polaris. Unless otherwise specified, references to Polaris or Polaris Software Integrity Platform in this documentation refer to Coverity on Polaris.

Coverity performs static analysis on source code, identifying likely defects and vulnerabilities, which are stored and managed in the Coverity on Polaris platform.

What is Coverity?

Coverity is a static analysis solution that makes it possible to address software issues early in the development life cycle by analyzing source code to identify the following kinds of problems:

  • Software quality and security issues
  • Violations of common coding standards

The Static Analysis Solution

Static analysis tests source code without executing it and finds security vulnerabilities. As a testing method, static analysis offers the following advantages:

  • You can test code as soon as there is one function that can be parsed, without needing a buildable or working system to do analysis. Static analysis allows you to correct problems before they become embedded in your code and require costly fixes or workarounds.
  • You test as many paths as possible through your code. As applications become larger, achieving test coverage using dynamic testing methods becomes costly and computationally prohibitive. Coverity can test all paths through the code, especially those that are extremely difficult to test manually, such as error conditions that would only be triggered in the case of hardware failure.
  • It is deterministic: analysis of the same code base yields the same results.
  • It is able to analyze large code bases very quickly. Coverity uses algorithms that are designed to scale for large applications.

Checkers: How Coverity Does Its Work

The analysis of your code is done by a collection of programs called checkers, which are the foot soldiers of static analysis. Each checker looks for a specific kind of issue, which can range from the simple to the complex. A simple checker might flag a missing break statement or find a bad comparison. A more sophisticated checker might find code that is vulnerable to cross-site scripting attacks or a method call that is not guarded by an authorization check. There are many possible categories of issues, among them:

  • Memory corruption
  • Resource leaks
  • NULL object or pointer dereferences
  • Thread concurrency
  • Web application security flaws
  • Lines, files, and functions that are insufficiently tested
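
As an added illustration (constructed for this page, not Coverity output or vendor code), the C sample below shows two of the categories above, a NULL pointer dereference and a resource leak, on error paths that a happy-path test never reaches, next to a corrected version. The function names, return codes, and FIRST_LINE_CAP are hypothetical.

```c
/* Added illustration: constructed code, not Coverity output. */
#include <stdio.h>
#include <stdlib.h>
#define FIRST_LINE_CAP 128  /* hypothetical buffer size */

/* BEFORE: passes a happy-path test, yet has two error-path defects. */
int first_line_flawed(const char *path, char *out, size_t outlen)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    char *buf = malloc(FIRST_LINE_CAP);
    /* Defect 1 (NULL dereference): malloc() result is used unchecked. */
    if (fgets(buf, FIRST_LINE_CAP, fp) == NULL)
        return -2;  /* Defect 2 (resource leak): fp and buf are lost. */
    snprintf(out, outlen, "%s", buf);
    free(buf);
    fclose(fp);
    return 0;
}

/* AFTER: one exit point releases whatever was acquired. */
int first_line_fixed(const char *path, char *out, size_t outlen)
{
    int rc = -1;                 /* -1: open failed */
    char *buf = NULL;
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        goto done;
    rc = -3;                     /* -3: out of memory */
    buf = malloc(FIRST_LINE_CAP);
    if (buf == NULL)
        goto done;
    rc = -2;                     /* -2: empty file or read error */
    if (fgets(buf, FIRST_LINE_CAP, fp) == NULL)
        goto done;
    snprintf(out, outlen, "%s", buf);
    rc = 0;
done:
    free(buf);                   /* free(NULL) is a no-op */
    if (fp != NULL)
        fclose(fp);
    return rc;
}

int main(void)
{
    char out[FIRST_LINE_CAP];
    return first_line_fixed("no-such-file.txt", out, sizeof out) == -1 ? 0 : 1;
}
```

Both functions return 0 for a readable, non-empty file, so a test of the normal path cannot tell them apart; the difference only appears on the allocation-failure and empty-read paths.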

Coverity uses hundreds of checkers that scan numerous languages. (For detailed language support information, see the Polaris support page that pertains to your version of Coverity. It includes capture methods and compilers supported for each language.)

Coverity also includes checkers that analyze your code with respect to its adherence to a variety of coding standards, including OWASP and others.