The Synopsys Software Integrity Group is now Black Duck®.

Coverity® Static Analysis provides comprehensive code scanning that empowers developers and security teams to deliver high-quality software that complies with security, functional safety, and industry standards.

Uncover complex defects

Find and fix code quality and security issues that span multiple files and libraries across even the largest codebases.

Ensure compliance

Track and prioritize the issues that matter to your business, with broad coverage for security and industry standards including OWASP Top 10, CWE Top 25, MISRA, CERT C/C++/Java, etc.

Scan with confidence

Analyze applications of any size, even those with thousands of developers and tens of millions of lines of code.

Drive compliance with security and coding standards


Coverity makes it easy to track and manage compliance with the coding standards that matter to your business. Built-in reports provide insight into issue types and severity to help prioritize remediation efforts and track progress toward each standard across teams and projects.

• MISRA
• AUTOSAR
• ISO 26262
• PCI DSS
• CERT C/C++/Java
• DISA STIG
• ISO/IEC TS 17961
• OWASP Top 10
• OWASP Mobile Top 10
• CWE Top 25

Broad and deep language support to improve code quality and security

Coverity provides comprehensive analysis for 22 programming languages, more than 200 frameworks, and many popular infrastructure-as-code platforms and file formats.

Empower developers to build better code without slowing them down

The Code Sight™ IDE plugin extends Coverity analysis to the developer desktop, enabling them to find and fix quality and security defects as they code.

Fast and accurate incremental analysis runs in the background to minimize disruption, giving developers real-time results, including CWE information, remediation guidance, and relevant security training, directly within the IDE.

Automate within developer workflows

Integrate: Find and fix defects without leaving your favorite tools, thanks to integrations into popular IDE, SCM, CI, and issue-tracking systems.

Automate: Trigger scans on code commits and pull requests to uncover issues early, without impacting releases.

Scale: Expand to cover your full portfolio of applications and the teams that support them.

"Coverity is very effective, fast and supportable. The documentation is complete and clear, it helps a lot in code preparation and support processes."

DevOps Engineer | Telecommunication

The Forrester Wave™ Leader

Black Duck is a Leader in the 2023 Forrester Wave for Static Application Security Testing

Looking for an integrated, cloud-based AST solution? Check out Polaris.

The Black Duck Polaris® Platform brings together the market-leading SAST and SCA engines that power Coverity and Black Duck® SCA into an easy-to-use, cost-effective, and highly scalable SaaS solution, optimized for the needs of modern DevSecOps.

Trusted analysis for complex software

Discover how Coverity customers reduce risk, ensure application resiliency, and rapidly deliver new functionality to market.
