A Survey on Coverity Scan Analysis

Abstract: The compiler often misses significant programme flaws. Finding vulnerabilities and minimizing faults in a software programme is possible through static code analysis. This paper presents an overview of static code analysis using a tool called Coverity.The Coverity Analysis package offers checkers that do runtime analysis of the code with dynamic as well as static analysis. Checkers look for problems in two areas in general: Quality problems Identify any code that, if executed, will fail in some way. Code that is vulnerable to attack is identified by security problems. For developers that want flexible, in-depth, and accurate source code analysis, coverity static analysis is the go-to solution since it yields a thorough insight of the build environment and source code.This paper will give an insight of some types of coverity defects along with examples.

Keywords: Static analysis, tools, alerts, warnings, vulnerabilities