Coverity, a company that helps developers reduce defects and increase security in their software, today released a new solution for code governance that enables software development organizations to set policies for code quality and security, and then manage, monitor and report on these policies as code is tested.
The solution, “Coverity Integrity Control”, helps companies automatically manage and enforce standard code testing policies across in-house development teams, outsourced development teams, and software provided by third party suppliers, gaining deep visibility into development risk across the software supply chain.
“The lack of governance over the software supply chain has put the revenue and reputations of Global 2000 brands at risk,” said Anthony Bettencourt, CEO of San Francisco based Coverity. “Coverity Integrity Control is a new way to address this problem by enabling companies to govern and manage third party software against the same criteria as in-house development teams.”
Coverity Integrity Control is an integrated solution which leverages code testing results from Coverity Static Analysis, and offers advanced code governance features including:
• Policy Management: Set standard thresholds, SLAs and policies for code quality and security (such as defect density and number of defects by criticality, type or impact), as well as productivity and efficiency (such as time-to-fix defects and technical debt) across suppliers, outsourcers, open source, and in-house teams.
• Executive Heat Map Alerts & Code Control Panel: Gain insight into development risk across the software supply chain with a single view of code sources by supplier, component and development team. Monitor and identify suppliers, components or teams in violation of code governance policies via alerts that appear with any breach of integrity standards. Drill down into each policy to pinpoint the full context of the code problem, the specific policy in violation, and where it originated.
• Policy Breach Notification: Notify third party suppliers of code governance violations by automatically producing and sending a Coverity Software Integrity Report that summarizes the high risk defects that exist in their software and components.
• Third Party Supplier SLA Enforcement: Consistently measure suppliers against standard quality and security SLAs, and automatically audit for SLA violations on-demand. Suppliers can build policies aligned to established SLAs and self-certify their code upon delivery to their supply chain partners.
• Code Testing & Coverity Integrity Manager Integration: Set policies that evoke priorities for code testing with Coverity Static Analysis. Notify developers of quality or security policy violations within their existing workflow, prioritized by risk and impact, so they know what problems to fix first, and report on progress towards compliance with policies. Produce an updated risk profile with every code iteration and test.
“Defects in code directly contribute to product delays and recalls, impact customer satisfaction, and revenue loss. It is critical for the business to understand what development issues are slowing time to market or which software suppliers may be introducing quality and security risks into their products,” said Ezi Boteach, Coverity VP of Products. “Implementing a process for code governance enables better risk management and brings development into closer concert with overall business priorities.”