version v7.2.
For up-to-date documentation, see the
latest version.
Coverity
3 minute read
This page describes the tool independently of any platform-specific details. For the service URL and other platform-specific configuration, please refer to your platform’s dedicated page .
Overview
Why should you use it?
Coverity is a SAST tool to find out security vulnerabilities in the code. The tool is provided as SaaS to the digital products to look for security vulnerabilities in their code.
It checks for all the coding rules recommended to be followed by Cybersecurity in Thales .
What’s new
In order to support Coverity users we have started an initiative in collaboration with Black Duck (former Synopsys) in the form of monthly sessions that cover basic Coverity notions, usual workflows and best practices.
We hope that you will join us no matter what your level of expertise is as we will try to address any issue you currently have with the Coverity tool:
- If you are new to Coverity, this is a great chance to learn basic usage and understand its capabilities.
- If you are an experienced Coverity user, you can discover new features and suggest future topics for the monthly sessions supported by Black Duck.
If you have any questions on Coverity tool, you can share them so that we can prepare in advance.
Session 1 - Coverity Topics: Introduction
Topics:
- Introduction to Coverity: purpose, architecture, principles
- How to start triaging defects and creates views (quality and security gates) in Coverity UI
When:
- 25th of March 2025 (11:00-12:00 CET)
The recording for this session you can be accessed at this link
Session 2
Topics:
- Coming Soon
When:
- 23rd of April 2025 (16:00-17:00 CET)
Get Started
You can find links to your respective platforms to connect to the Coverity instance .
Example of pipeline that runs a Coverity scan Coverity Step .
How to
These Coverity Tutorials can help you learn how to use Coverity.
Introduction
Setup
Setup for administrators
- Downloading Coverity Analysis and Connect Platform
- SAML SSO AUthentication
- LDAP Configuration for Coverity Connect
- LDAP server settings
Best practices
How to exclude the specific path or files from being analyzed
How to Compare Coverity Analysis Results from Different Builds
How to Set Up the Coverity Desktop Analysis Configuration File – coverity.conf
Coverity Analysis without Build for Enterprise Security Teams
Best practices for administrators
- Replacing a Coverity License
- Connect Maintenance- Scheduled Backups and Purging
- Coverity Connect JIRA Configuration