configurationjqueryfind
jqueryfind 时间:2021-05-17 阅读:(
)
|synopsys.
com|1CoverityStaticAnalysisQuicklyfindandfixcriticalsecurityandqualityissuesasyoucodeOverviewCoveritygivesyouthespeed,easeofuse,accuracy,industrystandardscompliance,andscalabilitythatyouneedtodevelophigh-quality,secureapplications.
Coverityidentifiescriticalsoftwarequalitydefectsandsecurityvulnerabilitiesincodeasit'swritten,earlyinthedevelopmentprocess,whenit'sleastcostlyandeasiesttofix.
Preciseactionableremediationadviceandcontext-specificeLearninghelpyourdevelopersunderstandhowtofixtheirprioritizedissuesquickly,withouthavingtobecomesecurityexperts.
CoverityseamlesslyintegratesautomatedsecuritytestingintoyourCI/CDpipelinesandsupportsyourexistingdevelopmenttoolsandworkflows.
Choosewhereandhowtodoyourdevelopment:on-premisesorinthecloudwiththePolarisSoftwareIntegrityPlatform(SaaS),ahighlyscalable,cloud-basedapplicationsecurityplatform.
Coveritysupports21languagesandover70frameworksandtemplates.
KeyfeaturesFastandaccurateanalysisWiththeCodeSightintegrateddevelopmentenvironment(IDE)plugin,developersgetaccurateanalysisinsecondsintheirIDEastheycode.
High-fidelityincrementalanalysisrunsautomaticallyinthebackgroundandusesthesamecomprehensiveCoverityanalysisengineusedforfullcentralanalysis,ensuringconsistent,accurateresults.
Coverityprovidesdevelopersalltheinformationtheyneedtounderstandhowtofixidentifiedissues—detaileddescriptions,categories,severities,CWEinformation,defectlocation,detailedremediationguidance,anddataflowtraces—aswellasissuetriageandmanagementfeatures,withintheirIDE.
Coverity's"analysiswithoutbuild"featureenablessecurityteamstoindependentlyassesssecurityissuesinsoftwarewithoutbuildingit.
Simplyspecifythelocationoftheproject,andCoveritywillautomaticallyidentify,download,andanalyzeallrequireddependencies.
ComprehensivereportingandcompliancevisibilityPolarisintegratesSynopsysanalysisengines,includingCoveritystaticanalysisandBlackDucksoftwarecompositionanalysis,andSynopsysManagedServicestoprovideorganizationswithaholisticviewoftheirapplications'riskpostureatdifferentsoftwaredevelopmentlifecycle(SDLC)stages.
Securityteamscangetacentralizedaggregatedriskprofileoftheirentireapplicationportfolio.
APIsenableimportingresultsintootherriskreportingtools.
Youcanfilteridentifiedvulnerabilitiesbycategory,viewtrendreports,prioritizeremediationofvulnerabilitiesbasedoncriticality,andmanagesecuritypolicycompliance(e.
g.
,OWASPTop10,CWETop25,andPCIDSS)acrossteamsandprojects.
"Issuesovertime"reportsshowseveritylevelsoverdifferenttimeframesandgiveyouimmediateinformationaboutthesecuritypostureofyourprojects.
PDFreportdownloadsallowauditorstomaintaindetailedcompliancerecords.
|synopsys.
com|2Inaddition,Coverityprovidesbest-in-classidentificationofcodequalityissuesforC/C++andthemostcomprehensivecoverageofstandardsrelatedtosafety,security,andreliability(e.
g.
,MISRA,CERTC/C++,CERTJava,DISASTIG,ISO26262,ISO/IECTS17961,andAUTOSAR),aswellasqualityissuesdescribedinNvidia'sCUDAC++guidelines.
EnterprisescalabilityandagilityWithCoverityonPolaris,organizationsdon'tneedtoinstallandmaintaincostlyon-premisesequipmentbutcanelasticallyscaletheirapplicationsecuritytestingtomeettheirgrowingbusinessneeds.
PolarissetupisassimpleasloggingintoaURL,thendownloadingandinstallingthecommandlineinterface(CLI)orrunningitthroughyourCIworkflowstostartanalysisofyoursourcecode.
SincetheCoverityanalysisenginesrunonahighlyavailablecloudplatform,CoverityonPolariscaneasilyscaletoaccommodatethousandsofdevelopersandprojectsandhandlemillionsofissueswithhighperformanceanduptime.
TheCodeSightpluginrequireszeroconfigurationandcanbedownloadedfromthemarketplacewebsitesforVisualStudio,Eclipse,IntelliJ,WebStorm,PyCharm,PhpStorm,andRubyMine.
SoftwaredevelopmentlifecycleintegrationsCoverityhasnativeintegrationsforIDEs(e.
g.
,VisualStudio,Eclipse,IntelliJ,RubyMine,WindRiverWorkbench,andAndroidStudio),sourcecodemanagement(SCM)solutions,issuetrackers(e.
g.
,JiraandBugzilla),CIbuildtools(e.
g.
,JenkinsandAzureDevOps),andapplicationlifecyclemanagement(ALM)solutions.
RESTAPIsareavailabletosupportotherbuildautomationsolutionsaswellasimportinganalysisresultsintootherenterpriseorcustomtools.
CoverityonPolarisprovidesadditionalpluginsandintegrationsforautomatedcloud-basedsecuritytestingduringdevelopmentandpre-deploymentstages.
RESTAPIsareavailableforimportinganalysisresultsintosecurityandriskreportingtools.
RefertothePolarisdatasheetforadditionalinformation.
ComprehensiveissuemanagementdashboardsInadditiontoCodeSightforlocalIDE-baseddevelopment,theCoverityonPolarisweb-basedunifiedplatforminterfacealsohelpsdevelopersfixidentifiedissuesandprovidesdetaileddescriptions,categories,severities,CWEinformation,defectlocation,detailedremediationguidance,anddataflowtraces,aswellascentralizedissuetriageanddetailedissuehistorylogs.
Developmentmanagersareabletocreate"issuesovertime"trendlinechartsshowingoverallsecurityriskandcompliancetoindustrystandards(e.
g.
,OWASPTop10andCWETop25)andhowindividualdevelopersorentireprojectteamsaredoinginclearingtheirprioritizedissues.
YoucaneasilyviewreportingdashboardsofIndustryRecognizedPriorityLists,Top5IssuesTypes,andTechnicalRiskIndicatorssothatyoucanfocusonissuesthatmattermosttoyourorganizationandprioritizethem.
PredefinedfiltersallowyoutofilterandgroupissuesbyCWE,standardstaxonomy,prioritylist,riskindicator,path,andindividualdeveloperowners.
ExpandedstandardscomplianceandvulnerabilitydetectionCoverityExtendisaneasy-to-usesoftwaredevelopmentkit(SDK)thatallowsdeveloperstodetectuniquedefecttypes.
TheSDKisaframeworkforwritingprogramanalyzers,orcheckers,toidentifycustomordomain-specificdefects.
CoverityCodeXMisadomain-specificfunctionalprogramminglanguagethatenablesdeveloperstodeveloptheirowncustomcheckerseasily.
Thesecustomizedcheckerssupportcompliancewithcorporatesecurityrequirementsandindustrystandardsorguidelines.
BenefitsGetimprovedvisibilityintosecurityrisk.
Cross-productreportingprovidesaholistic,morecompleteviewofaproject'sriskusingbest-in-classSASTandSCAtoolsandSynopsysManagedServices.
Deploymentflexibility.
YoudecidewhichsetofprojectstodoAppSectestingfor:on-premisesorinthecloud.
Shiftsecuritytestingleft.
Developersgethigh-fidelityincrementalanalysisresultsinsecondsastheycode,sotheycanfixanyissuespriortothebuild-testphase.
Supportdevelopers.
Enableyourteamstofixsoftwaredefectsquickly,easily,andcorrectlybysupplyingallthecontext,details,andadvicetheyneedtounderstandhowtofixissues.
Context-specificeLearning(availabletoeLearningcustomers)specifictoCWEsidentifiedindevelopers'owncodeprovidesimmediatesecuritytrainingwhentheyneedit.
Developersdon'tneedtobesecurityexperts.
|synopsys.
com|3SupportedlanguagesandplatformsC/C++C#CUDAJavaJavaScriptJavaAndroidSDKApacheShiroAxisDWREnterpriseJavaBeans(EJBs)GWTHibernateiBatisJavaFrameworksJavaPersistenceAPI(JPA)Javax.
websocketJAXRSJAXWSJEEJSF/FaceletsJSPandJSPStandardTagLibrary(JSTL)ReactiveX(RxJava,Reactor)RestletSpringBootSpringFrameworkStrutsTerasolunaTilesVert.
xWSXML-RPCC#ASP.
NETCoreMVC/ASP.
NETMVCASP.
NETCoreWebAPIASP.
NETASMXWebServicesASP.
NETWebFormsIdentityServerMassTransitRazortemplatesWCFServicesCoverityStaticAnalysis|TechnicalSpecificationPHPPython.
NETCoreASP.
NETObjective-CGoJSPRubyJavaScript/TypeScriptClient-sideAngularAngularJSApacheCordovaBackboneBootstrapEmberHTML5DOMAPIs/AjaxjQueryMithrilReact/PreactSocket.
IOSwigVueServer-sideAngularserver-siderendering(ExpressandHapiengines)ExpressFastifyHapiKoaMean.
ioNodePassportReactserver-siderendering(Next.
js)RestifySAPXSClassicandAdvancedSocket.
IOVueserver-siderenderingTemplateenginesConsolidatedoT.
jsEJSHandlebarsHoganSwiftFortranScalaVB.
NETiOSAndroidTypeScriptKotlinJadekoa-viewsLodash(templating)MarkoMustacheNunjucksPugSwigTwigUnderscore(templating)VisionMajorlibrariesAxiosGoogleCloudAPIs(Storage)Mongoose/MongoDBRequestSequelizeSqlxSwashbuckleUnderscore/LodashGOEchoPHPSymfonyPythonFlaskDjangoRubyRubyonRailsSupportedplatformsWindowsLinuxMacOSXSolarisSupportedframeworksCoveritysupportsover70differentframeworksforJava,JavaScript,C#,andotherlanguages.
CoverityalsosupportssecuritymodelingofmajorcloudproviderAPIframeworksforcloud-nativeJavaScriptappsthatinteractwithAWSservices(EC2,S3,DynamoDB,IAM)andGoogleCloudStorageAPIs(GCP).
|synopsys.
com|4AIXNetBSDFreeBSDSDLCnativeintegrationsSCMAccuRevApacheSubversion(SVN)CVSGitMercurial(Hg)PerforceHelixTeamFoundationServerSCMLegacyIDEsIBMRationalTeamConcertQNXMomenticsWindRiverWorkbenchCIbuildservers*JenkinsAzureDevOpsServerCodeSightsupportedIDEsVisualStudioforVB.
NET,C#,C/C++,JavaScript,PHP,Python,Ruby,TypeScriptVisualStudioCodeforC#(.
NETCore),C/C++,Java,JavaScript,PHP,Python,Ruby,TypeScriptEclipseforJava,JavaScript,C/C++,PHP,Python,Ruby,TypeScriptIntelliJforJava,JavaScript,PHP,Python,Ruby,TypeScriptWebStormforJavaScript,TypeScriptPyCharmforPythonPhpStormforPHPRubyMineforRubyIssuetrackingJiraBugzillaSupportedcompilersAnalogDevicesBlackfinAnalogDevicesSHARCAnalogDevicesTigerSHARCARMC/C++BorlandC++CEVA-XC4500ClangCosmicCFreescaleCodeWarriorGNUGCC/G++GreenHillsC/C++/EC++HI-TECHPICCIARC/C++IBMAIXIBMXLCIntelC++JDKforMacOSXKeilcompilersMarvellMSAMPLABXC8NvidiaCUDACompiler(NVCC)OpenJDKQNXC/C++RenesasC/C++SNCC/C++SNCGNUC/C++SONYPS4SDKSTMicroelectronicsGNUC/C++STMicroelectronicsSTMicroC/C++Sun(Oracle)CCSun/OracleJDKSynopsysMetaWareCandC++TaskingforARMCortexandTriCoreTICodeComposerVisualStudioWindRiverC/C++(Thislistisnotexclusive)CriticalchecksAPIusageerrorsBestpracticecodingerrorsBufferoverflowsBuildsystemissuesClasshierarchyinconsistenciesCodemaintainabilityissuesConcurrentdataaccessviolationsControlflowissuesCross-siterequestforgery(CSRF)Cross-sitescripting(XSS)DeadlocksErrorhandlingissuesHard-codedcredentialsIncorrectexpressionInsecuredatahandlingIntegerhandlingissuesIntegeroverflowsMemory—corruptionsMemory—illegalaccessesNullpointerdereferencesPathmanipulationPerformanceinefficienciesProgramhangsRaceconditionsResourceleaksRuleviolationsSecuritybestpracticesviolationsSecuritymisconfigurationsSQLinjectionUninitializedmembersTheSynopsysdifferenceSynopsyshelpsdevelopmentteamsbuildsecure,high-qualitysoftware,minimizingriskswhilemaximizingspeedandproductivity.
Synopsys,arecognizedleaderinapplicationsecurity,providesstaticanalysis,softwarecompositionanalysis,anddynamicanalysissolutionsthatenableteamstoquicklyfindandfixvulnerabilitiesanddefectsinproprietarycode,opensourcecomponents,andapplicationbehavior.
FormoreinformationabouttheSynopsysSoftwareIntegrityGroup,visitusonlineatwww.
synopsys.
com/software.
Synopsys,Inc.
185BerryStreet,Suite6500SanFrancisco,CA94107USAU.
S.
Sales:800.
873.
8193InternationalSales:+1415.
321.
5237Email:sig-info@synopsys.
com2021Synopsys,Inc.
Allrightsreserved.
SynopsysisatrademarkofSynopsys,Inc.
intheUnitedStatesandothercountries.
AlistofSynopsystrademarksisavailableatwww.
synopsys.
com/copyright.
html.
Allothernamesmentionedhereinaretrademarksorregisteredtrademarksoftheirrespectiveowners.
March2021.
*ForadditionalCoverityonPolarisCIbuildserverandotherpluginintegrations,seethePolarisdatasheet.
ForthelatestCodeSightandsupportedIDEversionnumbers,seehttps://dev.
sig-docs.
synopsys.
com/codesight/topics/support_matrix/r_code_sight_support_matrix.
htmlThisdatasheetappliestoCoverity2021.
03andlaterreleases.
享有云怎么样?享有云是一家新的国内云服务器商家,目前提供国内、香港及海外地区的云服务器,拥有多线路如:BGP线路、CN2线路、高防等云服务器,并且提供稳定、安全、弹性、高性能的云端计算服务,实时满足您的多样性业务需求。目前,美国bgp云服务器,5M带宽,低至20元/月起,270元/年起,首月打折;香港2核2G2M仅50元/月起,450元/年起!点击进入:享有云官方网站地址享有云优惠活动:一、美国B...
PacificRack在本月发布了几款特价产品,其中最低款支持月付仅1.5美元,基于KVM架构,洛杉矶机房,PR-M系列。PacificRack简称PR,QN机房旗下站点,主要提供低价VPS主机产品,基于KVM架构,数据中心为自营洛杉矶机房,现在只有PR-M一个系列,分为了2个类别:常规(Elastic Compute Service)和多IP产品(Multi IP Server)。下面列出几款秒...
HostKvm 商家我们算是比较熟悉的国内商家,商家主要还是提供以亚洲数据中心,以及直连海外线路的服务商。这次商家有新增香港和俄罗斯两个机房的高防服务器方案。默认提供30GB防御,且目前半价优惠至4.25美元起步,其他方案的VPS主机还是正常的八折优惠。我们看看优惠活动。香港和俄罗斯半价优惠:2021fall,限购100台。通用优惠码:2021 ,八折优惠全部VPS。我们看看具体的套餐。1、香港高...
jqueryfind为你推荐
loadedios支持ipaditunes备份怎么使用iTunes备份用itunes备份如何使用itunes完整备份iPhone资料迅雷快鸟迅雷快鸟支持移动宽带提速吗迅雷雷鸟啊啊,想下载《看门狗》可13GB的大小,我每秒才450KB,我该怎么样才能大幅度地免费提高电脑下载迅雷雷鸟雷鸟手机谁用过性能怎样样?杀毒软件免费下载2013排行榜杀毒软件排行榜2015有哪些?morphvoxpro怎么用怎么使用morphvox pro安卓4.4.4android4.4和android4.4.4是一样的系统吗
服务器租用托管 域名商 80vps lunarpages 免费主机 新世界电讯 e蜗 北京双线机房 softbank邮箱 卡巴斯基试用版 免费美国空间 免费mysql数据库 空间租赁 海外空间 七牛云存储 广州服务器托管 香港ip restart windowsserver2012 建站行业 更多