configurationjqueryfind
jqueryfind 时间:2021-05-17 阅读:(
)
|synopsys.
com|1CoverityStaticAnalysisQuicklyfindandfixcriticalsecurityandqualityissuesasyoucodeOverviewCoveritygivesyouthespeed,easeofuse,accuracy,industrystandardscompliance,andscalabilitythatyouneedtodevelophigh-quality,secureapplications.
Coverityidentifiescriticalsoftwarequalitydefectsandsecurityvulnerabilitiesincodeasit'swritten,earlyinthedevelopmentprocess,whenit'sleastcostlyandeasiesttofix.
Preciseactionableremediationadviceandcontext-specificeLearninghelpyourdevelopersunderstandhowtofixtheirprioritizedissuesquickly,withouthavingtobecomesecurityexperts.
CoverityseamlesslyintegratesautomatedsecuritytestingintoyourCI/CDpipelinesandsupportsyourexistingdevelopmenttoolsandworkflows.
Choosewhereandhowtodoyourdevelopment:on-premisesorinthecloudwiththePolarisSoftwareIntegrityPlatform(SaaS),ahighlyscalable,cloud-basedapplicationsecurityplatform.
Coveritysupports21languagesandover70frameworksandtemplates.
KeyfeaturesFastandaccurateanalysisWiththeCodeSightintegrateddevelopmentenvironment(IDE)plugin,developersgetaccurateanalysisinsecondsintheirIDEastheycode.
High-fidelityincrementalanalysisrunsautomaticallyinthebackgroundandusesthesamecomprehensiveCoverityanalysisengineusedforfullcentralanalysis,ensuringconsistent,accurateresults.
Coverityprovidesdevelopersalltheinformationtheyneedtounderstandhowtofixidentifiedissues—detaileddescriptions,categories,severities,CWEinformation,defectlocation,detailedremediationguidance,anddataflowtraces—aswellasissuetriageandmanagementfeatures,withintheirIDE.
Coverity's"analysiswithoutbuild"featureenablessecurityteamstoindependentlyassesssecurityissuesinsoftwarewithoutbuildingit.
Simplyspecifythelocationoftheproject,andCoveritywillautomaticallyidentify,download,andanalyzeallrequireddependencies.
ComprehensivereportingandcompliancevisibilityPolarisintegratesSynopsysanalysisengines,includingCoveritystaticanalysisandBlackDucksoftwarecompositionanalysis,andSynopsysManagedServicestoprovideorganizationswithaholisticviewoftheirapplications'riskpostureatdifferentsoftwaredevelopmentlifecycle(SDLC)stages.
Securityteamscangetacentralizedaggregatedriskprofileoftheirentireapplicationportfolio.
APIsenableimportingresultsintootherriskreportingtools.
Youcanfilteridentifiedvulnerabilitiesbycategory,viewtrendreports,prioritizeremediationofvulnerabilitiesbasedoncriticality,andmanagesecuritypolicycompliance(e.
g.
,OWASPTop10,CWETop25,andPCIDSS)acrossteamsandprojects.
"Issuesovertime"reportsshowseveritylevelsoverdifferenttimeframesandgiveyouimmediateinformationaboutthesecuritypostureofyourprojects.
PDFreportdownloadsallowauditorstomaintaindetailedcompliancerecords.
|synopsys.
com|2Inaddition,Coverityprovidesbest-in-classidentificationofcodequalityissuesforC/C++andthemostcomprehensivecoverageofstandardsrelatedtosafety,security,andreliability(e.
g.
,MISRA,CERTC/C++,CERTJava,DISASTIG,ISO26262,ISO/IECTS17961,andAUTOSAR),aswellasqualityissuesdescribedinNvidia'sCUDAC++guidelines.
EnterprisescalabilityandagilityWithCoverityonPolaris,organizationsdon'tneedtoinstallandmaintaincostlyon-premisesequipmentbutcanelasticallyscaletheirapplicationsecuritytestingtomeettheirgrowingbusinessneeds.
PolarissetupisassimpleasloggingintoaURL,thendownloadingandinstallingthecommandlineinterface(CLI)orrunningitthroughyourCIworkflowstostartanalysisofyoursourcecode.
SincetheCoverityanalysisenginesrunonahighlyavailablecloudplatform,CoverityonPolariscaneasilyscaletoaccommodatethousandsofdevelopersandprojectsandhandlemillionsofissueswithhighperformanceanduptime.
TheCodeSightpluginrequireszeroconfigurationandcanbedownloadedfromthemarketplacewebsitesforVisualStudio,Eclipse,IntelliJ,WebStorm,PyCharm,PhpStorm,andRubyMine.
SoftwaredevelopmentlifecycleintegrationsCoverityhasnativeintegrationsforIDEs(e.
g.
,VisualStudio,Eclipse,IntelliJ,RubyMine,WindRiverWorkbench,andAndroidStudio),sourcecodemanagement(SCM)solutions,issuetrackers(e.
g.
,JiraandBugzilla),CIbuildtools(e.
g.
,JenkinsandAzureDevOps),andapplicationlifecyclemanagement(ALM)solutions.
RESTAPIsareavailabletosupportotherbuildautomationsolutionsaswellasimportinganalysisresultsintootherenterpriseorcustomtools.
CoverityonPolarisprovidesadditionalpluginsandintegrationsforautomatedcloud-basedsecuritytestingduringdevelopmentandpre-deploymentstages.
RESTAPIsareavailableforimportinganalysisresultsintosecurityandriskreportingtools.
RefertothePolarisdatasheetforadditionalinformation.
ComprehensiveissuemanagementdashboardsInadditiontoCodeSightforlocalIDE-baseddevelopment,theCoverityonPolarisweb-basedunifiedplatforminterfacealsohelpsdevelopersfixidentifiedissuesandprovidesdetaileddescriptions,categories,severities,CWEinformation,defectlocation,detailedremediationguidance,anddataflowtraces,aswellascentralizedissuetriageanddetailedissuehistorylogs.
Developmentmanagersareabletocreate"issuesovertime"trendlinechartsshowingoverallsecurityriskandcompliancetoindustrystandards(e.
g.
,OWASPTop10andCWETop25)andhowindividualdevelopersorentireprojectteamsaredoinginclearingtheirprioritizedissues.
YoucaneasilyviewreportingdashboardsofIndustryRecognizedPriorityLists,Top5IssuesTypes,andTechnicalRiskIndicatorssothatyoucanfocusonissuesthatmattermosttoyourorganizationandprioritizethem.
PredefinedfiltersallowyoutofilterandgroupissuesbyCWE,standardstaxonomy,prioritylist,riskindicator,path,andindividualdeveloperowners.
ExpandedstandardscomplianceandvulnerabilitydetectionCoverityExtendisaneasy-to-usesoftwaredevelopmentkit(SDK)thatallowsdeveloperstodetectuniquedefecttypes.
TheSDKisaframeworkforwritingprogramanalyzers,orcheckers,toidentifycustomordomain-specificdefects.
CoverityCodeXMisadomain-specificfunctionalprogramminglanguagethatenablesdeveloperstodeveloptheirowncustomcheckerseasily.
Thesecustomizedcheckerssupportcompliancewithcorporatesecurityrequirementsandindustrystandardsorguidelines.
BenefitsGetimprovedvisibilityintosecurityrisk.
Cross-productreportingprovidesaholistic,morecompleteviewofaproject'sriskusingbest-in-classSASTandSCAtoolsandSynopsysManagedServices.
Deploymentflexibility.
YoudecidewhichsetofprojectstodoAppSectestingfor:on-premisesorinthecloud.
Shiftsecuritytestingleft.
Developersgethigh-fidelityincrementalanalysisresultsinsecondsastheycode,sotheycanfixanyissuespriortothebuild-testphase.
Supportdevelopers.
Enableyourteamstofixsoftwaredefectsquickly,easily,andcorrectlybysupplyingallthecontext,details,andadvicetheyneedtounderstandhowtofixissues.
Context-specificeLearning(availabletoeLearningcustomers)specifictoCWEsidentifiedindevelopers'owncodeprovidesimmediatesecuritytrainingwhentheyneedit.
Developersdon'tneedtobesecurityexperts.
|synopsys.
com|3SupportedlanguagesandplatformsC/C++C#CUDAJavaJavaScriptJavaAndroidSDKApacheShiroAxisDWREnterpriseJavaBeans(EJBs)GWTHibernateiBatisJavaFrameworksJavaPersistenceAPI(JPA)Javax.
websocketJAXRSJAXWSJEEJSF/FaceletsJSPandJSPStandardTagLibrary(JSTL)ReactiveX(RxJava,Reactor)RestletSpringBootSpringFrameworkStrutsTerasolunaTilesVert.
xWSXML-RPCC#ASP.
NETCoreMVC/ASP.
NETMVCASP.
NETCoreWebAPIASP.
NETASMXWebServicesASP.
NETWebFormsIdentityServerMassTransitRazortemplatesWCFServicesCoverityStaticAnalysis|TechnicalSpecificationPHPPython.
NETCoreASP.
NETObjective-CGoJSPRubyJavaScript/TypeScriptClient-sideAngularAngularJSApacheCordovaBackboneBootstrapEmberHTML5DOMAPIs/AjaxjQueryMithrilReact/PreactSocket.
IOSwigVueServer-sideAngularserver-siderendering(ExpressandHapiengines)ExpressFastifyHapiKoaMean.
ioNodePassportReactserver-siderendering(Next.
js)RestifySAPXSClassicandAdvancedSocket.
IOVueserver-siderenderingTemplateenginesConsolidatedoT.
jsEJSHandlebarsHoganSwiftFortranScalaVB.
NETiOSAndroidTypeScriptKotlinJadekoa-viewsLodash(templating)MarkoMustacheNunjucksPugSwigTwigUnderscore(templating)VisionMajorlibrariesAxiosGoogleCloudAPIs(Storage)Mongoose/MongoDBRequestSequelizeSqlxSwashbuckleUnderscore/LodashGOEchoPHPSymfonyPythonFlaskDjangoRubyRubyonRailsSupportedplatformsWindowsLinuxMacOSXSolarisSupportedframeworksCoveritysupportsover70differentframeworksforJava,JavaScript,C#,andotherlanguages.
CoverityalsosupportssecuritymodelingofmajorcloudproviderAPIframeworksforcloud-nativeJavaScriptappsthatinteractwithAWSservices(EC2,S3,DynamoDB,IAM)andGoogleCloudStorageAPIs(GCP).
|synopsys.
com|4AIXNetBSDFreeBSDSDLCnativeintegrationsSCMAccuRevApacheSubversion(SVN)CVSGitMercurial(Hg)PerforceHelixTeamFoundationServerSCMLegacyIDEsIBMRationalTeamConcertQNXMomenticsWindRiverWorkbenchCIbuildservers*JenkinsAzureDevOpsServerCodeSightsupportedIDEsVisualStudioforVB.
NET,C#,C/C++,JavaScript,PHP,Python,Ruby,TypeScriptVisualStudioCodeforC#(.
NETCore),C/C++,Java,JavaScript,PHP,Python,Ruby,TypeScriptEclipseforJava,JavaScript,C/C++,PHP,Python,Ruby,TypeScriptIntelliJforJava,JavaScript,PHP,Python,Ruby,TypeScriptWebStormforJavaScript,TypeScriptPyCharmforPythonPhpStormforPHPRubyMineforRubyIssuetrackingJiraBugzillaSupportedcompilersAnalogDevicesBlackfinAnalogDevicesSHARCAnalogDevicesTigerSHARCARMC/C++BorlandC++CEVA-XC4500ClangCosmicCFreescaleCodeWarriorGNUGCC/G++GreenHillsC/C++/EC++HI-TECHPICCIARC/C++IBMAIXIBMXLCIntelC++JDKforMacOSXKeilcompilersMarvellMSAMPLABXC8NvidiaCUDACompiler(NVCC)OpenJDKQNXC/C++RenesasC/C++SNCC/C++SNCGNUC/C++SONYPS4SDKSTMicroelectronicsGNUC/C++STMicroelectronicsSTMicroC/C++Sun(Oracle)CCSun/OracleJDKSynopsysMetaWareCandC++TaskingforARMCortexandTriCoreTICodeComposerVisualStudioWindRiverC/C++(Thislistisnotexclusive)CriticalchecksAPIusageerrorsBestpracticecodingerrorsBufferoverflowsBuildsystemissuesClasshierarchyinconsistenciesCodemaintainabilityissuesConcurrentdataaccessviolationsControlflowissuesCross-siterequestforgery(CSRF)Cross-sitescripting(XSS)DeadlocksErrorhandlingissuesHard-codedcredentialsIncorrectexpressionInsecuredatahandlingIntegerhandlingissuesIntegeroverflowsMemory—corruptionsMemory—illegalaccessesNullpointerdereferencesPathmanipulationPerformanceinefficienciesProgramhangsRaceconditionsResourceleaksRuleviolationsSecuritybestpracticesviolationsSecuritymisconfigurationsSQLinjectionUninitializedmembersTheSynopsysdifferenceSynopsyshelpsdevelopmentteamsbuildsecure,high-qualitysoftware,minimizingriskswhilemaximizingspeedandproductivity.
Synopsys,arecognizedleaderinapplicationsecurity,providesstaticanalysis,softwarecompositionanalysis,anddynamicanalysissolutionsthatenableteamstoquicklyfindandfixvulnerabilitiesanddefectsinproprietarycode,opensourcecomponents,andapplicationbehavior.
FormoreinformationabouttheSynopsysSoftwareIntegrityGroup,visitusonlineatwww.
synopsys.
com/software.
Synopsys,Inc.
185BerryStreet,Suite6500SanFrancisco,CA94107USAU.
S.
Sales:800.
873.
8193InternationalSales:+1415.
321.
5237Email:sig-info@synopsys.
com2021Synopsys,Inc.
Allrightsreserved.
SynopsysisatrademarkofSynopsys,Inc.
intheUnitedStatesandothercountries.
AlistofSynopsystrademarksisavailableatwww.
synopsys.
com/copyright.
html.
Allothernamesmentionedhereinaretrademarksorregisteredtrademarksoftheirrespectiveowners.
March2021.
*ForadditionalCoverityonPolarisCIbuildserverandotherpluginintegrations,seethePolarisdatasheet.
ForthelatestCodeSightandsupportedIDEversionnumbers,seehttps://dev.
sig-docs.
synopsys.
com/codesight/topics/support_matrix/r_code_sight_support_matrix.
htmlThisdatasheetappliestoCoverity2021.
03andlaterreleases.
profitserver怎么样?profitserver是一家成立于2003的主机商家,是ITC控股的一个部门,主要经营的产品域名、SSL证书、虚拟主机、VPS和独立服务器,机房有俄罗斯、新加坡、荷兰、美国、保加利亚,VPS采用的是KVM虚拟架构,硬盘采用纯SSD,而且最大的优势是不限制流量,大公司运营,机器比较稳定,数据中心众多。此次ProfitServer正在对德国VPS(法兰克福)、西班牙v...
diyvm怎么样?diyvm商家VPS主机均2GB内存起步,三个地区机房可选,使用优惠码后每月69元起;DiyVM独立服务器开设在香港沙田电信机房,CN2线路,5M带宽,自动化开通上架,最低499元/月,配置是L5630*2/16G内存/120G SSD硬盘。DiyVM是一家成立于2009年的国人主机商,提供的产品包括VPS主机、独立服务器租用等,产品数据中心包括中国香港、日本大阪和美国洛杉矶等,...
NameSilo是通过之前的感恩节优惠活动中认识到这家注册商的,于是今天早上花了点时间专门了解了NameSilo优惠码和商家的详细信息。该商家只销售域名,他们家的域名销售价格还是中规中矩的,没有像godaddy域名标价和使用优惠之后的价格悬殊很大,而且其特色就是该域名平台提供免费的域名停放、免费隐私保护等功能。namesilo新注册域名价格列表,NameSilo官方网站:www.namesilo....
jqueryfind为你推荐
更新ios机动车diandian平台操作使用手册Descriptionios5tracerouteTRACEROUTE的作用是什么勒索病毒win7补丁为了防勒索病毒,装了kb4012212补丁,但出现关机蓝屏的问题了,开机正常itunes备份itunes备份是什么itunes备份itunes就是备份不了怎么办啊itunes备份itunes 里面的资料如何备份?联通版iphone4s怎么知道到苹果4s是联通版,还是移动版
天津服务器租赁 搬瓦工官网 鲜果阅读 tk域名 一元域名 华为网络硬盘 大容量存储器 php空间推荐 徐正曦 中国网通测速 hdd 微软服务器操作系统 512mb 台湾google 个人免费邮箱 百度云空间 如何登陆阿里云邮箱 服务器防御 电信主机托管 godaddy退款 更多