Coverity

{{Short description|American software company}}

{{infobox company

| name = Coverity, Inc. - A Synopsys Company

| logo = Coverity logo.jpg

| type = Public

| foundation = {{Start date|2002|11}}

| fate = Acquired by Synopsys in 2014

| key_people = Jason Schmitt (current GM)

| location = formerly San Francisco, California

| num_employees = 250+

| industry = Security testing, static program analysis, software development

| products = Coverity Code Advisor, Coverity Code Advisor on Demand, Coverity Scan, Coverity Test Advisor, Seeker

| homepage = {{URL|synopsys.com/software-integrity.html}}

| parent = Synopsys, Inc.

}}

Coverity is a proprietary static code analysis tool from Black Duck, Inc.{{cite web|url=https://www.prnewswire.com/news-releases/introducing-black-duck-software-the-leader-in-application-security-has-a-new-name-302263912.html|title=Introducing Black Duck Software: The Leader in Application Security Has a New Name|date=2025-05-27|publisher=PR Newswire|access-date=2025-05-27}} The product enables engineers and security teams to find and fix software defects.

Coverity started as an independent software company in 2002 at the Computer Systems Laboratory at Stanford University in Palo Alto, California. It was founded by Benjamin Chelf, Andy Chou, David Park, and Seth Hallem with Stanford professor Dawson Engler as a technical adviser. The headquarters was moved to San Francisco. In June 2008, Coverity acquired Solidware Technologies.{{cite web|url=http://infoworld.com/article/08/06/30/Coverity-buys-Solidware-to-boost-code-analysis_1.html|title=Coverity buys Solidware to boost code analysis|last=Krill|first=Paul|date=2008-06-30|publisher=Infoworld.com|url-status=dead|archive-url=https://web.archive.org/web/20081010164925/http://www.infoworld.com/article/08/06/30/Coverity-buys-Solidware-to-boost-code-analysis_1.html|archive-date=2008-10-10|access-date=2011-01-29}} In February 2014, Coverity announced an agreement to be acquired by Synopsys, an electronic design automation company, for $375M in cash.{{cite web|url=http://www.prnewswire.com/news-releases/synopsys-enters-software-quality-and-security-market-with-coverity-acquisition-246221391.html|title=Synopsys Enters Software Quality and Security Market with Coverity Acquisition|date=2014-02-19|publisher=PR Newswire|access-date=2014-02-20}}

Products

Coverity is a static code analysis tool for C, C++, C#, Java, JavaScript, PHP, Python, .NET, ASP.NET, Objective-C, Go, JSP, Ruby, Swift, Fortran, Scala, VB.NET, and TypeScript. It also supports more than 70 different frameworks for Java, JavaScript, C# and other languages.{{Cite web|url=https://www.blackduck.com/static-analysis-tools-sast/languages-and-frameworks.html|title=Coverity Languages and Frameworks|website=blackduck.com|access-date=2025-05-27}}

Coverity Scan is a free static-analysis cloud-based service for the open source community.

Applications

Under a United States Department of Homeland Security contract in 2006, the tool was used to examine over 150 open source applications for bugs; 6000 bugs found by the scan were fixed across 53 projects.{{cite web |url=http://www.zdnetasia.com/news/security/0,39044215,39315781,00.htm |title=LAMP lights the way in open-source security |publisher=ZDNet |access-date=May 4, 2006 |url-status=dead |archive-url=https://web.archive.org/web/20090614061139/http://www.zdnetasia.com/news/security/0%2C39044215%2C39315781%2C00.htm |archive-date=June 14, 2009 }}

The National Highway Traffic Safety Administration used the tool in its 2010–2011 investigation into reports of sudden unintended acceleration in Toyota vehicles.[http://www.softwaremag.com/content/ContentCT.asp?P=3169 "U.S. Used Key Tools to Examine Toyota Acceleration-Related Software"] {{webarchive|url=https://web.archive.org/web/20130526101953/http://www.softwaremag.com/content/ContentCT.asp?P=3169 |date=2013-05-26 }}[http://www.nhtsa.gov/staticfiles/nvs/pdf/NASA-UA_report.pdf "Technical Support to the National Highway Traffic Safety Administration on the Reported Toyota Motor Corporation Unintended Acceleration Investigation"] {{Archive url|url=https://web.archive.org/web/20110213065338/https://www.nhtsa.gov/staticfiles/nvs/pdf/NASA-UA_report.pdf|date=2011-02-13}} The tool was used by CERN on the software employed in the Large Hadron Collider[http://www.coverity.com/company/press-releases/read/cern-chooses-coverity-to-ensure-accuracy-of-large-hadron-collider-software-html "CERN Chooses Coverity to Ensure Accuracy of Large Hadron Collider Software"][https://www.youtube.com/watch?v=0g477Mhif0k "Improving Scientific Research: CERN and Coverity Static Analysis"] and in the NASA Jet Propulsion Laboratory during the flight software development of the Mars rover Curiosity.[http://www.huffingtonpost.co.uk/2012/09/27/curiositys-doctors-mars-rover-coverity_n_1919115.html "Coverity: Mars Rover Curiosity's 'Space Doctors' On Bug Hunting In Space"]

References