version v7.2.
For up-to-date documentation, see the
latest version.
Secrets, Tokens and Credentials in Coverity
2 minute read
This document lists all secrets, tokens and credentials that can be configured and managed by a non-administrator user in Coverity.
For each item, a concise explanation of its usage and a link to the official documentation are provided.
Quick Selection Guide
Choose the appropriate credential type based on your needs:
| Your Need | Recommended Credential |
|---|---|
| CI/CD pipelines and automated analysis | Authentication Keys |
| Command-line operations | Authentication Keys |
| Direct login to Coverity Connect web UI | Username and Password |
Authentication Keys
Authentication keys are cryptographic credentials that provide password-less authentication for command-line operations and CI/CD automation with Coverity Connect.
Authentication keys are stored as files (typically with .key extension) and can be used instead
of username/password combinations for automated workflows.
graph LR
USER[User Credentials]
AK[Authentication Key File]
CMD[Coverity CLI Commands]
CICD[CI/CD Pipelines]
USER -->|generates| AK
AK --> CMD
AK --> CICDUsage:
- Authenticate with Coverity analysis tools (
cov-commit-defects,cov-analyze, etc.) - Use in CI/CD pipelines for automated code analysis
- Enable secure, password-less authentication for automated workflows
- Provide same level of access as the user’s account
Authentication key files should be:
- Stored securely in a vault (such as Azure Key vault or equivalent)
- Never committed to version control systems (see secret detection practice )
- Stored as secure secrets/variables in CI/CD platforms
- Defined with an expiration date according to your operationnal needs
- Use the
--set-expirationoption with thecov-manage-im command - Rotated regularly : at least every 6 month for CI, days or week for others usage
More information in the Coverity documentation: Working with Authentication Keys
Username and Password
While username/password authentication is supported, using authentication keys is strongly recommended for:
- CI/CD pipelines
- Automated scripts
- Command-line operations
- Any non-interactive use case
Traditional username and password authentication for Coverity Connect.
Coverity supports multiple authentication backends:
- Local users: User accounts managed directly in Coverity Connect (should be limited to the strict necessary ; prefer usage of other authentication means)
- LDAP: Integration with corporate LDAP/Active Directory
- SAML SSO: Single Sign-On via SAML identity providers (Azure AD, Okta, etc.)
Usage:
- Direct login to Coverity Connect web interface
- Authentication for generating authentication keys
- Desktop Analysis configuration