Great tool for securing your applications during development phase
Use Cases and Deployment Scope
Coverity Static Analysis (SAST) helps your organization in detection of vulnerabilities in the code. Your development team would be able to release vulnerability free apps and there by reducing post go live pain of code correction from security perspective. Coverity Static Analysis (SAST) tool can be integrated with devsecops pipeline and ensure automation of security code testing and remediation before someone else discovers the vulnerabilities. Coverity Static Analysis (SAST) reduced efforts by 30% in rolling out builds through DevSecOps
Pros
- It can provide security scanning dashboard
- Help detect vulnerabilities and recommend remediation
- Integration of devsecops helps speed up release cycles
Cons
- Coverage of integration with other security tools can be improved
- Customisation of dashboard to enable customer choice of tracking
- Showcase devsecops progressive tasks from SLA and violation from code scanner perspective
Likelihood to Recommend
Best suits for large scale and dynamic development environment. It may be best tool if you want to release your apps with less TAT. However if you have a CRM tool which is COTS product it can offer little help. Even then you should be familiar with what features of Coverity Static Analysis (SAST) are helpful for your development environment
