The tool strengthens software integrity offering for web and mobile applications, automotive systems, and Chinese market




VIEW, Calif., July 11, 2016 — Synopsys, Inc. (Nasdaq:SNPS) announced
the version 8.5 release of Coverity®, the company’s industry-leading static analysis tool and one of the core components of
its Software Integrity Platform. Coverity is an automated software
testing tool that analyzes source code to detect critical security
vulnerabilities and defects early in the software development life cycle.


and the other tools in Synopsys’ Software Integrity Platform are used to
facilitate “software signoff,” an integrated development and testing
methodology that aims to ensure software quality and security. Pioneered by
Synopsys to emulate the signoff concept used in integrated circuit (IC) design,
software signoff involves a series of automated testing cycles at critical
points throughout the software development life cycle and software supply chain.


Coverity 8.5 release includes several important updates to enhance its security
analysis and reporting capabilities and extend its utility to a broader audience,
including organizations developing web and mobile applications and software
systems for vehicles and other safety-critical systems.


Enterprise application security testing for web apps, mobile apps, and more

8.5 strengthens Synopsys’ offering to the enterprise market by adding analysis
capabilities for Ruby and node.js, two increasingly popular programming
languages used to develop web applications. The release also introduces
foundational security analysis for Android mobile applications to address the
growing concern around enterprise mobile security. In addition, this release
enhances Coverity’s security-focused analysis for several supported programming
languages to detect a wider range of vulnerabilities, including the OWASP Top
10, CWE/SANS Top 25 and more.


Enabling safety and security in automotive software

8.5 also strengthens Synopsys’ offering for the automotive and other
safety-critical industries by adding full coverage for MISRA C 2012, a widely
adopted set of software development guidelines for facilitating code security
and safety. This follows Synopsys’ May announcement of Coverity’s ISO 26262 certification and further advances
the company’s efforts to address vehicle security and safety in the midst of
emerging industry trends such as connected cars and autonomous driving.


more information, please refer to the Coverity product brief for MISRA C 2012 compliance.


vulnerabilities pose a serious threat to businesses across all industries, and
whether you’re developing web apps for personal banking or an embedded system
for a car, addressing bugs early in the development lifecycle with automated
tools like Coverity is critical,” said Andreas Kuehlmann, senior vice
president and general manager of Synopsys’ Software Integrity Group. “The
Coverity 8.5 release increases the breadth and depth of the tool’s analysis
capabilities to better serve the needs of enterprise application security
market, as well as safety-critical industries like automotive that are facing
constantly evolving security threats.”


latest release also brings enhanced integration and reporting features to
Coverity users, including updates and support for the latest IDE (integrated
development environment) releases, and the introduction of a new “Software
Integrity Report,” a dashboard-level report that aggregates software
issues detected by Coverity and other tools in the Software Integrity Platform,
including the Defensics fuzz testing tool and Protecode Supply Chain software composition analysis


support its growing customer base and expand its software integrity business in Asia
Pacific, Synopsys is now offering a localized version of Coverity 8.5 in
simplified Chinese, including a localized user interface, reporting, IDE
plugins and documentation.


About the Synopsys Software Integrity Platform

Through its Software Integrity Platform, Synopsys
provides advanced solutions for improving software quality and security. This
comprehensive platform of automated analysis and testing technologies
integrates seamlessly into the software development process and enables
organizations to detect and remediate quality defects, security vulnerabilities
and compliance issues early in the software development life cycle, as well as
to gain security assurance with and visibility into their software supply