
Coverity Static Analysis

Coverity® Static Analysis provides comprehensive code scanning that empowers developers and security teams to deliver high-quality software that complies with security, functional safety, and industry standards.

Type: Data Flow Analysis

Supported version: 2024.12.1

Disclaimer

This project provides wrappers and scripts to integrate with Coverity Static Analysis, but does not include the tool itself. Therefore, you are responsible for reviewing and complying with the product's license and terms of use.

Requirements

  • An existing installation of Coverity and a commercial license.

  • The issueTypes.json file (available in idir/output) to map checker types to CWE IDs.

  • A config.json file for configuring supported languages and checker categories.

User configuration (config.json)

Checker categories are used for statistical purposes only and do not change the analysis behavior.

Example:
```json
{
  "color_mapping": {
    "CRITICAL": "red",
    "MODERATE": "orange",
    "SIGMA": "gray",
    "SPOTBUGS": "silver"
  },
  "languages": {
    "c-family": {
      "checker_sets": {
        "CRITICAL": ["CHECKER_NAME"],
        "MODERATE": ["CHECKER_NAME"]
      },
      "exclude": "/test/",
      "include": "\\.(c|cpp|h|hpp)$"
    },
    "java": {
      "checker_sets": {
        "CRITICAL": ["CHECKER_NAME"],
        "MODERATE": ["CHECKER_NAME"]
      },
      "exclude": "/test/",
      "include": "\\.java$"
    }
  }
}
```

Note that `include` and `exclude` are regular expressions stored in JSON strings, so a literal dot must be written as `\\.`; a bare `\.` is not a valid JSON escape and the file will fail to parse. Trailing commas inside the checker lists are likewise invalid JSON.
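The following loader is an added example and not part of this project; it shows how a wrapper might consume a `config.json` of the shape above. It assumes (these are assumptions, not documented behaviour) that a checker belongs to the first category whose list names it, that a path is in scope when it matches the language's `include` pattern and not its `exclude` pattern, and that categories only feed statistics, as the section states. The checker names in the embedded sample are constructed placeholders.

```python
"""Validate and query a config.json in the shape shown above (added example)."""
import json
import re

# Constructed sample config; checker names are placeholders, not real checkers.
SAMPLE_CONFIG = r'''
{
  "color_mapping": {"CRITICAL": "red", "MODERATE": "orange",
                    "SIGMA": "gray", "SPOTBUGS": "silver"},
  "languages": {
    "c-family": {
      "checker_sets": {"CRITICAL": ["CHECKER_ONE"], "MODERATE": ["CHECKER_TWO"]},
      "exclude": "/test/",
      "include": "\\.(c|cpp|h|hpp)$"
    },
    "java": {
      "checker_sets": {"CRITICAL": ["CHECKER_THREE"], "MODERATE": ["CHECKER_FOUR"]},
      "exclude": "/test/",
      "include": "\\.java$"
    }
  }
}
'''


def load_config(text):
    """Parse the JSON and fail early on missing keys, unknown colors or bad regexes."""
    cfg = json.loads(text)
    for key in ("color_mapping", "languages"):
        if key not in cfg:
            raise ValueError(f"missing top-level key: {key}")
    for lang, spec in cfg["languages"].items():
        for key in ("checker_sets", "include", "exclude"):
            if key not in spec:
                raise ValueError(f"{lang}: missing key {key}")
        for category in spec["checker_sets"]:
            if category not in cfg["color_mapping"]:
                raise ValueError(f"{lang}: category {category} has no color")
        # Compile once so a malformed pattern is reported at load time, not per file.
        spec["_include"] = re.compile(spec["include"])
        spec["_exclude"] = re.compile(spec["exclude"])
    return cfg


def category_of(cfg, language, checker):
    """Return the first category listing this checker, or None (assumed rule)."""
    for category, names in cfg["languages"][language]["checker_sets"].items():
        if checker in names:
            return category
    return None


def color_of(cfg, language, checker):
    """Color for the checker's category; 'none' when it is uncategorized."""
    category = category_of(cfg, language, checker)
    return cfg["color_mapping"][category] if category else "none"


def in_scope(cfg, language, path):
    """A path is analysed when include matches and exclude does not (assumed rule)."""
    spec = cfg["languages"][language]
    return bool(spec["_include"].search(path)) and not spec["_exclude"].search(path)


def categorize(cfg, language, defects):
    """Count in-scope defects per category; categories affect statistics only."""
    counts = {}
    for checker, path in defects:
        if not in_scope(cfg, language, path):
            continue
        category = category_of(cfg, language, checker) or "UNCATEGORIZED"
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    config = load_config(SAMPLE_CONFIG)
    sample = [("CHECKER_THREE", "src/App.java"),
              ("CHECKER_THREE", "src/test/AppTest.java"),
              ("OTHER", "src/Util.java")]
    print(categorize(config, "java", sample))
```

Because `load_config` compiles both patterns up front, a config with a broken escape (for example `\.` instead of `\\.`) or an invalid regex is rejected before any defects are processed rather than silently dropping files from the statistics.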