New to market this week is Coverity's Integrity Control solution for code governance, code quality, and security policy control. The product is presented as a route for developers to manage, monitor, and report on policies as code is developed and tested.
Providing the option to automatically manage and enforce standard code testing policies across in-house development teams, outsourced development teams, and software provided by third-party suppliers, Coverity has used upbeat terminology to describe its new product, saying that it provides "deep visibility" into development risks across the software supply chain.
"The lack of governance over the software supply chain has put the revenue and reputations of Global 2000 brands at risk," said Anthony Bettencourt, Coverity CEO. "Coverity Integrity Control is a new means of addressing this problem by enabling companies to govern and manage third party software against the same criteria as your in-house development teams. Coverity extends both our market and technology leadership with this breakthrough new code governance product."
Coverity says that Integrity Control is an integrated solution that leverages code testing results from its own Coverity Static Analysis product and so offers code governance features including:
Policy Management: To set standard thresholds, SLAs, and policies for code quality and security (such as defect density and number of defects by criticality, type, or impact), as well as productivity and efficiency such as time-to-fix defects and technical debt.
Executive Heat Map Alerts and Code Control Panel: To gain insight into development risk across the supply chain with a single view of code sources by supplier, component, and development team.
Coverity says that this function allows developers to monitor and identify suppliers, components, or teams in violation of code governance policies via alerts that appear with any breach of integrity standards. It then drills down into each policy to pinpoint the full context of the code problem, the specific policy in violation, and where it originated.
Policy Breach Notification: This function will notify third-party suppliers of code governance violations by automatically producing and sending a Coverity-branded software integrity report that summarizes the high-risk defects that exist (if indeed they do) inside their software and components.