The site that you are currently viewing is a static version of the Software Factory documentation delivered with the

version v7.2.
For up-to-date documentation, see the latest version.

Secrets, Tokens and Credentials in Coverity

This document lists all secrets, tokens and credentials that can be configured and managed by a non-administrator user in Coverity.

For each item, a concise explanation of its usage and a link to the official documentation are provided.

Quick Selection Guide

Choose the appropriate credential type based on your needs:

Your NeedRecommended Credential
CI/CD pipelines and automated analysisAuthentication Keys
Command-line operationsAuthentication Keys
Direct login to Coverity Connect web UIUsername and Password

Authentication Keys

Authentication keys are cryptographic credentials that provide password-less authentication for command-line operations and CI/CD automation with Coverity Connect.

Authentication keys are stored as files (typically with .key extension) and can be used instead of username/password combinations for automated workflows.

graph LR
    USER[User Credentials]
    AK[Authentication Key File]
    CMD[Coverity CLI Commands]
    CICD[CI/CD Pipelines]

    USER -->|generates| AK
    AK --> CMD
    AK --> CICD

Usage:

  • Authenticate with Coverity analysis tools (cov-commit-defects, cov-analyze, etc.)
  • Use in CI/CD pipelines for automated code analysis
  • Enable secure, password-less authentication for automated workflows
  • Provide same level of access as the user’s account
Warning

Authentication key files should be:

  • Stored securely in a vault (such as Azure Key vault or equivalent)
  • Never committed to version control systems (see secret detection practice )
  • Stored as secure secrets/variables in CI/CD platforms
  • Defined with an expiration date according to your operationnal needs
  • Use the --set-expiration option with the cov-manage-im command
  • Rotated regularly : at least every 6 month for CI, days or week for others usage

More information in the Coverity documentation: Working with Authentication Keys

Username and Password

Warning

While username/password authentication is supported, using authentication keys is strongly recommended for:

  • CI/CD pipelines
  • Automated scripts
  • Command-line operations
  • Any non-interactive use case

Traditional username and password authentication for Coverity Connect.

Coverity supports multiple authentication backends:

  • Local users: User accounts managed directly in Coverity Connect (should be limited to the strict necessary ; prefer usage of other authentication means)
  • LDAP: Integration with corporate LDAP/Active Directory
  • SAML SSO: Single Sign-On via SAML identity providers (Azure AD, Okta, etc.)

Usage:

  • Direct login to Coverity Connect web interface
  • Authentication for generating authentication keys
  • Desktop Analysis configuration