Coverity Integrates Kalistick Cloud, Ups Java Support in New Dev Test Platform Release

Just over a month after acquiring cloud-based services provider Kalistick, Coverity has released an update of its namesake dev test platform with enhancements from that acquisition aimed at building tighter integration between enterprise development and quality assurance (QA) teams.

Coverity Development Testing Platform 7.5 comes with a new cloud-based QA tool, new analysis algorithms focused on Java and C# codebases, and expanded Java Web app security coverage, among other enhancements.

The Coverity Development Testing Platform is a suite of tools, which now includes the new Coverity Test Advisor, QA Edition. Based on the Kalistick cloud-based solution, this version of Test Advisor is designed to enables QA teams to monitor the execution and results of their tests, then identify which tests are most critical based on change impact. By capturing the testing footprint, the company says, teams can also identify testing gaps that could result in regression risk.

"By augmenting its software testing portfolio with the complementary Kalistick products, Coverity will be able to further help organizations to address software quality problems earlier in the development lifecycle," said IDC analyst Melinda Ballou, in a statement.

Version 7.5 also comes with an update of Test Advisor, Developer Edition, including an improved ability to collect and aggregate coverage data for improved performance and usability, which helps development teams prioritize which automated tests to write and run based on the impact of change. It also comes with eight new analysis algorithms to address a wider class of defect patterns in C# code, and improved integration with developer workflow through desktop analysis capabilities that allow developers to resolve issues from within their IDEs.

This release also provides enhancements aimed specifically at Java developers, including extensive coverage of the Open Web Application Security Project's (OWASP) Top 10 and Common Weakness Enumeration (CWE) security vulnerabilities in Java apps. The open-source OWASP identifies 10 of the most critical web app security risks each year. The CWE is a community project sponsored by the Mitre Corporation to create a catalog of software security vulnerabilities. Coverage of the OWASP's Top 10 makes it easier for users to view and report on compliance with key standards such as PCI, the company says. This release also provides Java developers with the ability to spot Cross Site Request Forgery (CSRF) and risky crypto issues, as well as 10 new analysis algorithms for detecting concurrency, logic, and other classes of issues.

The Coverity suite is also integrated with the IntelliJ IDEA Java IDE from JetBrains, which lets devs view and triage issues via the Coverity Quality Advisor, Security Advisor and Test Advisor tools.

Coverity, which is a subsidiary of Synopsys, made something of a splash a year ago with its "developer-first security" effort, during which it began promoting the idea of putting security into the hands of developers.