Coverity 5.5 Finds Bugs and Continuous Integration Kinship
Testing vendor Coverity is expanding its namesake static analysis testing suite. With the release of Coverity 5.5, Coverity is aiming to integrate its testing suite more fully into software development and deployment.
Developers can integrate the Coverity 5.5 testing suite with HP's Application Lifecycle Management (ALM), as well as add it as part of a workflow within Eclipse or Microsoft's Visual Studio suite by using the respective plug-in. Overall, Coverity is positioning its new release as a development testing platform.
Ezi Boteach, VP of Products at Coverity, explained to InternetNews.com that the goal is to provide developers and their managers visibility into what's going on during development.
Coverity's static analysis engine is able to identify many types of coding defects, including use-after-free memory errors. Those types of flaws are particularly troublesome as they can potentially lead to security exploits.
"One thing that is common is when you copy and paste code and you have two variables that are used in a similar way," Boteach explained. "But at some point you want to free one of them, and you make a mistake and free the wrong one and then you continue using it. it's definitely one of the things we find."
Coverity and Jenkins for an Automated Testing Platform
While static analysis on its own is a useful tool, it becomes even more powerful when it is combined with the regular development workflow. Boteach noted that Coverity 5.5 integrates with the Jenkins Continuous Integration server, which can help to aid an Agile development process.
"You can fail a build by identifying what type of defects you care about," Boteach said. "If you care only about high-impact defects, the build will automatically fail if such a defect is introduced."
Boteach explained that together with Jenkins, static analysis for code defects can be part of a nightly or weekly build as an automated testing platform. The Jenkins project is a fork of the Hudson Continuous Integration system that is currently run by Oracle as an Eclipse project. Boteach noted that Coverity started working with Jenkins before the project was split out from Hudson and that's part of the reason why they're integrating with Jenkins. That said, Boteach said that Coverity is not picking a winner in the continuous integration space and if there is customer demand for Hudson, they'll integrate that as well.
Coverity 5.5 and FindBugs
The Coverity 5.5 release also marks the debut of its FindBugs integration. FindBugs is a popular open source Java defect tool that has been part of solutions from other software vendors, including HP's Fortify division, since at least 2006.
Boteach noted that FindBugs is a popular tool, but the problem has been that it lacks a way for the bugs to be centrally managed. With Coverity 5.5, Boteach said that managers have a platform to manage FindBugs; they will know if developers are using it and gain visibility into how they are using it. He added that by integrating FindBugs, developers in disparate business units can share more bugs across an organization.
"We also optimized FindBugs, so based on the basic configuration we are eliminating a lot of the false positives," Boteach said. "The enhancements that we've done are in how you run FindBugs and which checks are enabled."