Perforce, profile picture
Uploaded byPerforce
521 views

[Europe merge world tour] Coverity Development Testing

Development testing can reduce costs, accelerate development, and protect brands by: 1) Finding defects earlier in the development process before they escape to production through continuous integration and static analysis. 2) Prioritizing testing of critical code and ensuring all code impacted by changes is tested. 3) Optimizing developer workflows by integrating testing into the development process and minimizing redundant testing.

Embed presentation

Downloaded 15 times
Coverity Development Testing Accelerating Risk Mitigation through Continuous Integration and Development Testing
“Software is Eating the World” Software - Marc Andreessen Health Financial Communications SCM / Logistics Enterprise Mobile 81% of business leaders believe technology is a fundamental element of their business model Over 60 million tablets and 175 million smart phones will be in the workplace by the end of 2012 By 2016, open source software will be included in mission- critical applications within 99% of Global 2000 enterprises Automotive
Development Testing … … is transforming software development by: Reducing operational costs Accelerating development and time to market Protecting brands from catastrophic failure
Why All the Risk? Software Complexity and Speed have Outpaced Legacy Testing Methods Development Testing Software Complexity Time to Market Testing MethodsSecurity Testing Functional Testing Performance Testing Manual Testing
Fewer defects escape development Design Development Quality & Security Assurance Product Release & Management Development Testing Transform software testing, from reactive to proactive
Transformation Maturity Model Level 1 Automatic Defect Detection No new defects introduced. Level 3 Developer Workflow Optimization Feeding all components into the developer workflow Level 4 Code Governance Establish source code acceptance criteria Complete Enterprise Code Assurance All critical code and code impacted by change is tested IntegrationintoSDLCHigh Development Testing Adoption High Level 2 Identification of Residual Risk Ensure critical code is prioritized & tested
How Coverity Static Analysis Works Mimicks the behavior of dozens of compilers Integrates with existing build systems Statically tests all execution paths Finds defects and inconsistent coding patterns AnalyzeBuild Explains the location and root cause of defects Manage and share triage of defects across teams Present & Manage
Meaningful, real results Focus on finding real defects, not style violations or superficial issues. Over 12 years of experience analyzing open source and commercial code. Industry-leading low false positive/negative rate False positive rates typically below 15% False positives waste time, hinder adoption, and reduce trust in the results. Broadest Checker Library + Deepest Algorithms Optimal balance of breadth, depth, and scalability to large code bases. High Quality Results
Sample Project: PostgreSQL Defects Fixed in 2012 per Category Category # Defects Impact Memory  –  corrup,ons   20   High   Memory  -­‐  illegal  accesses   10   High   Resource  leaks   43   High   Unini,alized  variables   10   High   API  usage  errors   1   Medium   Control  flow  issues   4   Medium   Error  handling  issues   14   Medium   Incorrect  expression   3   Medium   Insecure  data  handling   24   Medium   Integer  handling  issues   8   Medium   Null  pointer  dereferences   43   Medium   Code  maintainability  issues   58   Low   Security  best  prac,ces  viola,ons   15   Low   Grand  Total   253   •  ~20 Developers •  Weekly Build •  680k LOC •  False Positive Rate: 11.1% •  Defect Density: 0,273
We Find Critical Defects •  Tomcat Webserver 5.5.17 •  Among several hundred defects, we found a “reverse lock bug” that can lead to deadlock of the entire server
Focus testing time where it matters … don’t waste time writing tests you don’t need Test Advisor Improving Unit Testing Effectiveness and Efficiency High Risk Code High Risk Code
Risk Mitigation Architecture Test Advice Actionable work items to address risk due to inadequate testing Test Policy Evaluation •  Critical code analysis •  Change impact analysis •  Test execution analysis Test Monitoring Code Ownership and Change History Static Code Analysis Customized Test Policy
Move Quality into the Inner Loop of Development Code Build Test Nightly Build Continuous Integration Finding and Fixing Quality Defects
QA Development Testing Workflow Code Check In Development Security Audit Static Analysis Results Nightly/Continuous Build Regression Test •  Built into development process •  Retesting minimized •  Immediately actionable by developers •  Reduces burden on auditing team Developer QA Security
Issue Responsibility Is Critical
Ingredients for Success Code Build Test Nightly Build Continuous Integration High-Fidelity Code Compilation High- Performance Analysis Low False Positive Rate Detecting Critical Defects Easy Defect Navigation and Comprehension Comprehensive Triage and Remediation Management Visibility and Governance Team Collaboration
Governance with Metrics Automated high-fidelity analysis on daily basis 18 Fast and educated triage of results to categorize and prioritize issuesAccurate Data Precise actions based on comprehensive data analysis Trusted Data
Policy Definition and Monitoring Definition of organizational-wide policies for code quality Aggregated sanity view of code by component, team, supplier
Supplier SLA Enforcement Supplier self-certification based upon policies
Transformation Maturity Model Level 1 Automatic Defect Detection No new defects introduced. Level 3 Developer Workflow Optimization Feeding all components into the developer workflow Level 4 Code Governance Establish source code acceptance criteria Complete Enterprise Code Assurance All critical code and code impacted by change is tested IntegrationintoSDLCHigh Development Testing Adoption High Level 2 Identification of Residual Risk Ensure critical code is prioritized & tested
Coverity Development Testing Platform Security Advisor Test Advisor Analysis Packs Coverity SAVE™ Static Analysis Verification Engine SDLC Integrations Policy Manager Quality Advisor Architecture Analysis Dynamic Analysis FindBugs™ Analysis Analysis Integration Toolkit Coverity Connect Test Execution Third Party Metrics Build/ Continuous Integration HP ALM IDE Code Coverage Defect Tracking SCM
ü  Proven significant operational cost reductions ü  Metric visibility of code estate onshore and offshore ü  Proven history of finding crash causing or unexpected behavior causing defects ü  Process Improvement of the Application Lifecycle Management Coverity Summary
Questions ?!?! ! !

More Related Content

PPTX
Predictive Analytics in Software Testing
byPavan Kumar Kodedela
 
PDF
Take your code and quality to the next level by Serena Software
bySerena Software
 
PPTX
Shifting the conversation from active interception to proactive neutralization
byRogue Wave Software
 
PPTX
Decreasing false positives in automated testing
bySauce Labs
 
PPTX
Security Services and Approach by Nazar Tymoshyk
bySoftServe
 
PPT
Introducing: Klocwork Insight Pro | November 2009
byKlocwork
 
PPTX
Dimensions CM Summer VUG Presentation
bySerena Software
 
PPTX
Let the adventure begin the 80-20 testing - ingenuity
byIndium Software
 
Predictive Analytics in Software Testing
byPavan Kumar Kodedela
 
Take your code and quality to the next level by Serena Software
bySerena Software
 
Shifting the conversation from active interception to proactive neutralization
byRogue Wave Software
 
Decreasing false positives in automated testing
bySauce Labs
 
Security Services and Approach by Nazar Tymoshyk
bySoftServe
 
Introducing: Klocwork Insight Pro | November 2009
byKlocwork
 
Dimensions CM Summer VUG Presentation
bySerena Software
 
Let the adventure begin the 80-20 testing - ingenuity
byIndium Software
 

What's hot

PDF
What is Software Testing?
byQAI Global
 
PDF
Defect Prevention & Predictive Analytics - XBOSoft Webinar
byXBOSoft
 
PDF
Better Software East 2016: Evolving Automated to Continuous
byParasoft
 
PPTX
Why every dev team needs static analysis
byCoderGears
 
PDF
Next generation software testing trends
byArun Kulkarni
 
PPTX
Digital Product Security
bySoftServe
 
PDF
Are Agile And Secure Development Mutually Exclusive?
bySource Conference
 
PPTX
Software Testing Services
byScienceSoft
 
PPTX
Agile and Secure Development
byNazar Tymoshyk, CEH, Ph.D.
 
PPT
Sergey Gordeychik, Security Metrics for PCI DSS Compliance
byqqlan
 
PPT
Testing introduction
byfactscomputersoftware
 
PDF
Testing Services - Software Quality Assurance
byCCS Technologies (P) Ltd.
 
PPTX
Programming languages and techniques for today’s embedded andIoT world
byRogue Wave Software
 
PPTX
Agile and Secure SDLC
byNazar Tymoshyk, CEH, Ph.D.
 
PPTX
Performance Aware Development
bySaurabh Badhwar
 
PPTX
OWASP Top 10 practice workshop by Stanislav Breslavskyi
byNazar Tymoshyk, CEH, Ph.D.
 
PPTX
Cyber security - It starts with the embedded system
byRogue Wave Software
 
PPTX
Security as a new metric for Business, Product and Development Lifecycle
byNazar Tymoshyk, CEH, Ph.D.
 
PPTX
ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...
byAgile Testing Alliance
 
PPTX
QA Trends 2010
byGalit Fein
 
What is Software Testing?
byQAI Global
 
Defect Prevention & Predictive Analytics - XBOSoft Webinar
byXBOSoft
 
Better Software East 2016: Evolving Automated to Continuous
byParasoft
 
Why every dev team needs static analysis
byCoderGears
 
Next generation software testing trends
byArun Kulkarni
 
Digital Product Security
bySoftServe
 
Are Agile And Secure Development Mutually Exclusive?
bySource Conference
 
Software Testing Services
byScienceSoft
 
Agile and Secure Development
byNazar Tymoshyk, CEH, Ph.D.
 
Sergey Gordeychik, Security Metrics for PCI DSS Compliance
byqqlan
 
Testing introduction
byfactscomputersoftware
 
Testing Services - Software Quality Assurance
byCCS Technologies (P) Ltd.
 
Programming languages and techniques for today’s embedded andIoT world
byRogue Wave Software
 
Agile and Secure SDLC
byNazar Tymoshyk, CEH, Ph.D.
 
Performance Aware Development
bySaurabh Badhwar
 
OWASP Top 10 practice workshop by Stanislav Breslavskyi
byNazar Tymoshyk, CEH, Ph.D.
 
Cyber security - It starts with the embedded system
byRogue Wave Software
 
Security as a new metric for Business, Product and Development Lifecycle
byNazar Tymoshyk, CEH, Ph.D.
 
ATAGTR2017 Performance Testing and Non-Functional Testing Strategy for Big Da...
byAgile Testing Alliance
 
QA Trends 2010
byGalit Fein
 

Viewers also liked

PDF
Tools
byVolodymyr Shymanskyy
 
PDF
Webcast Presentation: Accelerate Continuous Delivery with Development Testing...
byGRUC
 
PDF
Embracing Git and Distributed Teams
byPerforce
 
PDF
Perforce - Under New Management by Konrad Litwin
byPerforce
 
PDF
Single Source of Truth in a Distributed World by Sven Erik Knop
byPerforce
 
PDF
Streams in Parallel Development by Sven Erik Knop
byPerforce
 
PPTX
ClearCase Escape Plan
byPerforce
 
Tools
byVolodymyr Shymanskyy
 
Webcast Presentation: Accelerate Continuous Delivery with Development Testing...
byGRUC
 
Embracing Git and Distributed Teams
byPerforce
 
Perforce - Under New Management by Konrad Litwin
byPerforce
 
Single Source of Truth in a Distributed World by Sven Erik Knop
byPerforce
 
Streams in Parallel Development by Sven Erik Knop
byPerforce
 
ClearCase Escape Plan
byPerforce
 

Similar to [Europe merge world tour] Coverity Development Testing

PDF
[India Merge World Tour] Coverity
byPerforce
 
PPTX
How To Avoid Continuously Delivering Faulty Software
byErika Barron
 
PPTX
How to Avoid Continuously Delivering Faulty Software
byPerforce
 
PPTX
Software engineering practices and software quality empirical research results
byNikolai Avteniev
 
PDF
Introduction to Software Testing
byHenry Muccini
 
PDF
st-notes-13-26-software-testing-is-the-act-of-examining-the-artifacts-and-the...
bymwpeexdvjgtqujwhog
 
PPTX
Sta unit 2(abimanyu)
byAbhimanyu Mishra
 
PPT
Verifcation &validation
byssusere50573
 
PPTX
Software engineering quality assurance and testing
byBipul Roy Bpl
 
PPT
Manual testing ppt
bySantosh Maranabasari
 
PDF
Test Driven Development
byZendCon
 
DOCX
Top 7 reasons why software testing is crucial in SDLC
bySLAJobs Chennai
 
PPTX
Fundamentals of testing
byMuhammad Khairil
 
PPSX
Introduction to software testing
byVenkat Alagarsamy
 
PDF
Getting Ahead of Delivery Issues with Deep SDLC Analysis by Donald Belcham
by.NET Conf UY
 
PPTX
Fundamentals of testing
byANDRI HAIRIYADI, S.Kom.
 
PPT
Software Testing introduction and in detail
byJinuSophiaJ
 
PDF
Testing Theories & Methodologies
byYi Xu
 
PPT
SOFTWARE ENGINEERING unit4-1 CLASS notes in pptx 2nd year
byhodcsm5
 
PPT
Code Quality - Security
bysedukull
 
[India Merge World Tour] Coverity
byPerforce
 
How To Avoid Continuously Delivering Faulty Software
byErika Barron
 
How to Avoid Continuously Delivering Faulty Software
byPerforce
 
Software engineering practices and software quality empirical research results
byNikolai Avteniev
 
Introduction to Software Testing
byHenry Muccini
 
st-notes-13-26-software-testing-is-the-act-of-examining-the-artifacts-and-the...
bymwpeexdvjgtqujwhog
 
Sta unit 2(abimanyu)
byAbhimanyu Mishra
 
Verifcation &validation
byssusere50573
 
Software engineering quality assurance and testing
byBipul Roy Bpl
 
Manual testing ppt
bySantosh Maranabasari
 
Test Driven Development
byZendCon
 
Top 7 reasons why software testing is crucial in SDLC
bySLAJobs Chennai
 
Fundamentals of testing
byMuhammad Khairil
 
Introduction to software testing
byVenkat Alagarsamy
 
Getting Ahead of Delivery Issues with Deep SDLC Analysis by Donald Belcham
by.NET Conf UY
 
Fundamentals of testing
byANDRI HAIRIYADI, S.Kom.
 
Software Testing introduction and in detail
byJinuSophiaJ
 
Testing Theories & Methodologies
byYi Xu
 
SOFTWARE ENGINEERING unit4-1 CLASS notes in pptx 2nd year
byhodcsm5
 
Code Quality - Security
bysedukull
 

More from Perforce

PDF
How to Organize Game Developers With Different Planning Needs
byPerforce
 
PDF
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...
byPerforce
 
PDF
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
byPerforce
 
PDF
Understanding Compliant Workflow Enforcement SOPs
byPerforce
 
PDF
Branching Out: How To Automate Your Development Process
byPerforce
 
PDF
How to Do Code Reviews at Massive Scale For DevOps
byPerforce
 
PDF
How to Spark Joy In Your Product Backlog
byPerforce
 
PDF
Going Remote: Build Up Your Game Dev Team
byPerforce
 
PDF
Shift to Remote: How to Manage Your New Workflow
byPerforce
 
PPTX
Hybrid Development Methodology in a Regulated World
byPerforce
 
PPTX
Better, Faster, Easier: How to Make Git Really Work in the Enterprise
byPerforce
 
PDF
Easier Requirements Management Using Diagrams In Helix ALM
byPerforce
 
PDF
How To Master Your Mega Backlog
byPerforce
 
PDF
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
byPerforce
 
PDF
How to Scale With Helix Core and Microsoft Azure
byPerforce
 
PDF
Achieving Software Safety, Security, and Reliability Part 2
byPerforce
 
PDF
Should You Break Up With Your Monolith?
byPerforce
 
PDF
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
byPerforce
 
PDF
What's New in Helix ALM 2019.4
byPerforce
 
PDF
Free Yourself From the MS Office Prison
byPerforce
 
How to Organize Game Developers With Different Planning Needs
byPerforce
 
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...
byPerforce
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
byPerforce
 
Understanding Compliant Workflow Enforcement SOPs
byPerforce
 
Branching Out: How To Automate Your Development Process
byPerforce
 
How to Do Code Reviews at Massive Scale For DevOps
byPerforce
 
How to Spark Joy In Your Product Backlog
byPerforce
 
Going Remote: Build Up Your Game Dev Team
byPerforce
 
Shift to Remote: How to Manage Your New Workflow
byPerforce
 
Hybrid Development Methodology in a Regulated World
byPerforce
 
Better, Faster, Easier: How to Make Git Really Work in the Enterprise
byPerforce
 
Easier Requirements Management Using Diagrams In Helix ALM
byPerforce
 
How To Master Your Mega Backlog
byPerforce
 
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
byPerforce
 
How to Scale With Helix Core and Microsoft Azure
byPerforce
 
Achieving Software Safety, Security, and Reliability Part 2
byPerforce
 
Should You Break Up With Your Monolith?
byPerforce
 
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
byPerforce
 
What's New in Helix ALM 2019.4
byPerforce
 
Free Yourself From the MS Office Prison
byPerforce
 

Recently uploaded

PDF
DaVinci Commerce January New Year Edition: Our Big Resolution
byCorina Manea
 
PDF
Equinox Gold - February Investor Presentation.pdf
byEquinox Gold Corp.
 
PDF
A Brief Introduction About Xin Yi Hoo
byXin Yi Hoo
 
PPTX
PUC_Centre_Machines_Presentation.pptxknjn
bysaksham9021187243
 
PDF
Trusted for Buying LinkedIn Accounts Solutions via Social Tradia Platform.pdf
byBusiness
 
PDF
What Is Setup for Decoration | Machine Reality Explained
byInkdnylon
 
PPTX
Why NJ State's Apostille Rejections Happen More Often Than You Think
byNew Jersey Mobile Notary & Apostille Services
 
PDF
Buy Verified PayPal Accounts for Safe, Hassle-Free Transactions.pdf
by100 persent Verified Cash App Accounts Seller
 
PDF
ICv2 White Paper - Navigating the New World of Comics
byDennisViau
 
PPTX
Sewage Treatment Plant in Chennai | Best STP Plant Manufacturers in Tamilnad...
byKemproPumps
 
PDF
J Hamilton M&G - 4 Feb 2026 FINAL (1).pdf
byHenry Tapper
 
DOCX
DLL MAPEH 6 Q4 WEEK 6.docxdwefwefweffwe
byandreajanelleabando2
 
PPTX
Sewage Treatment Plant in Bangalore |Best STP Plant Manufacturers in Tamilna...
byKemproPumps
 
PPTX
QUALITY-AUDIT: ISO 9001:2015 Internal Audit Summary Report -.pptx
byAlyumaeRoseTajaleflo
 
PDF
Buy Old Gmail Accounts Created Years Ago.pdf
byBusiness Growth with Verified Accounts
 
PDF
Iryna Rudenko: Follow the Money: How Investment Trends Define IT Niches (UA)
byLviv Startup Club
 
PDF
KGA - Governing administration in a consolidated market
byHenry Tapper
 
PDF
Trusted Platforms Buy Verified Naver Accounts In The USA.pdf
byhttps://boostpvastore.com/
 
PDF
Kirill Klip GEM Royalty TNR Gold Presentation
byKirill Klip
 
PDF
How to Buy Verified Bybit Accounts in 2026.pdf
bymarketing
 
DaVinci Commerce January New Year Edition: Our Big Resolution
byCorina Manea
 
Equinox Gold - February Investor Presentation.pdf
byEquinox Gold Corp.
 
A Brief Introduction About Xin Yi Hoo
byXin Yi Hoo
 
PUC_Centre_Machines_Presentation.pptxknjn
bysaksham9021187243
 
Trusted for Buying LinkedIn Accounts Solutions via Social Tradia Platform.pdf
byBusiness
 
What Is Setup for Decoration | Machine Reality Explained
byInkdnylon
 
Why NJ State's Apostille Rejections Happen More Often Than You Think
byNew Jersey Mobile Notary & Apostille Services
 
Buy Verified PayPal Accounts for Safe, Hassle-Free Transactions.pdf
by100 persent Verified Cash App Accounts Seller
 
ICv2 White Paper - Navigating the New World of Comics
byDennisViau
 
Sewage Treatment Plant in Chennai | Best STP Plant Manufacturers in Tamilnad...
byKemproPumps
 
J Hamilton M&G - 4 Feb 2026 FINAL (1).pdf
byHenry Tapper
 
DLL MAPEH 6 Q4 WEEK 6.docxdwefwefweffwe
byandreajanelleabando2
 
Sewage Treatment Plant in Bangalore |Best STP Plant Manufacturers in Tamilna...
byKemproPumps
 
QUALITY-AUDIT: ISO 9001:2015 Internal Audit Summary Report -.pptx
byAlyumaeRoseTajaleflo
 
Buy Old Gmail Accounts Created Years Ago.pdf
byBusiness Growth with Verified Accounts
 
Iryna Rudenko: Follow the Money: How Investment Trends Define IT Niches (UA)
byLviv Startup Club
 
KGA - Governing administration in a consolidated market
byHenry Tapper
 
Trusted Platforms Buy Verified Naver Accounts In The USA.pdf
byhttps://boostpvastore.com/
 
Kirill Klip GEM Royalty TNR Gold Presentation
byKirill Klip
 
How to Buy Verified Bybit Accounts in 2026.pdf
bymarketing
 

[Europe merge world tour] Coverity Development Testing

  • 1.
    Coverity Development Testing AcceleratingRisk Mitigation through Continuous Integration and Development Testing
  • 2.
    “Software is Eatingthe World” Software - Marc Andreessen Health Financial Communications SCM / Logistics Enterprise Mobile 81% of business leaders believe technology is a fundamental element of their business model Over 60 million tablets and 175 million smart phones will be in the workplace by the end of 2012 By 2016, open source software will be included in mission- critical applications within 99% of Global 2000 enterprises Automotive
  • 4.
    Development Testing … …is transforming software development by: Reducing operational costs Accelerating development and time to market Protecting brands from catastrophic failure
  • 5.
    Why All theRisk? Software Complexity and Speed have Outpaced Legacy Testing Methods Development Testing Software Complexity Time to Market Testing MethodsSecurity Testing Functional Testing Performance Testing Manual Testing
  • 6.
    Fewer defects escapedevelopment Design Development Quality & Security Assurance Product Release & Management Development Testing Transform software testing, from reactive to proactive
  • 7.
    Transformation Maturity Model Level1 Automatic Defect Detection No new defects introduced. Level 3 Developer Workflow Optimization Feeding all components into the developer workflow Level 4 Code Governance Establish source code acceptance criteria Complete Enterprise Code Assurance All critical code and code impacted by change is tested IntegrationintoSDLCHigh Development Testing Adoption High Level 2 Identification of Residual Risk Ensure critical code is prioritized & tested
  • 8.
    How Coverity StaticAnalysis Works Mimicks the behavior of dozens of compilers Integrates with existing build systems Statically tests all execution paths Finds defects and inconsistent coding patterns AnalyzeBuild Explains the location and root cause of defects Manage and share triage of defects across teams Present & Manage
  • 9.
    Meaningful, real results Focuson finding real defects, not style violations or superficial issues. Over 12 years of experience analyzing open source and commercial code. Industry-leading low false positive/negative rate False positive rates typically below 15% False positives waste time, hinder adoption, and reduce trust in the results. Broadest Checker Library + Deepest Algorithms Optimal balance of breadth, depth, and scalability to large code bases. High Quality Results
  • 10.
    Sample Project: PostgreSQL DefectsFixed in 2012 per Category Category # Defects Impact Memory  –  corrup,ons   20   High   Memory  -­‐  illegal  accesses   10   High   Resource  leaks   43   High   Unini,alized  variables   10   High   API  usage  errors   1   Medium   Control  flow  issues   4   Medium   Error  handling  issues   14   Medium   Incorrect  expression   3   Medium   Insecure  data  handling   24   Medium   Integer  handling  issues   8   Medium   Null  pointer  dereferences   43   Medium   Code  maintainability  issues   58   Low   Security  best  prac,ces  viola,ons   15   Low   Grand  Total   253   •  ~20 Developers •  Weekly Build •  680k LOC •  False Positive Rate: 11.1% •  Defect Density: 0,273
  • 11.
    We Find CriticalDefects •  Tomcat Webserver 5.5.17 •  Among several hundred defects, we found a “reverse lock bug” that can lead to deadlock of the entire server
  • 12.
    Focus testing time where itmatters … don’t waste time writing tests you don’t need Test Advisor Improving Unit Testing Effectiveness and Efficiency High Risk Code High Risk Code
  • 13.
    Risk Mitigation Architecture TestAdvice Actionable work items to address risk due to inadequate testing Test Policy Evaluation •  Critical code analysis •  Change impact analysis •  Test execution analysis Test Monitoring Code Ownership and Change History Static Code Analysis Customized Test Policy
  • 14.
    Move Quality intothe Inner Loop of Development Code Build Test Nightly Build Continuous Integration Finding and Fixing Quality Defects
  • 15.
    QA Development Testing Workflow CodeCheck In Development Security Audit Static Analysis Results Nightly/Continuous Build Regression Test •  Built into development process •  Retesting minimized •  Immediately actionable by developers •  Reduces burden on auditing team Developer QA Security
  • 16.
  • 17.
    Ingredients for Success Code Build Test NightlyBuild Continuous Integration High-Fidelity Code Compilation High- Performance Analysis Low False Positive Rate Detecting Critical Defects Easy Defect Navigation and Comprehension Comprehensive Triage and Remediation Management Visibility and Governance Team Collaboration
  • 18.
    Governance with Metrics Automatedhigh-fidelity analysis on daily basis 18 Fast and educated triage of results to categorize and prioritize issuesAccurate Data Precise actions based on comprehensive data analysis Trusted Data
  • 19.
    Policy Definition andMonitoring Definition of organizational-wide policies for code quality Aggregated sanity view of code by component, team, supplier
  • 20.
    Supplier SLA Enforcement Supplierself-certification based upon policies
  • 21.
    Transformation Maturity Model Level1 Automatic Defect Detection No new defects introduced. Level 3 Developer Workflow Optimization Feeding all components into the developer workflow Level 4 Code Governance Establish source code acceptance criteria Complete Enterprise Code Assurance All critical code and code impacted by change is tested IntegrationintoSDLCHigh Development Testing Adoption High Level 2 Identification of Residual Risk Ensure critical code is prioritized & tested
  • 22.
    Coverity Development TestingPlatform Security Advisor Test Advisor Analysis Packs Coverity SAVE™ Static Analysis Verification Engine SDLC Integrations Policy Manager Quality Advisor Architecture Analysis Dynamic Analysis FindBugs™ Analysis Analysis Integration Toolkit Coverity Connect Test Execution Third Party Metrics Build/ Continuous Integration HP ALM IDE Code Coverage Defect Tracking SCM
  • 23.
    ü  Proven significantoperational cost reductions ü  Metric visibility of code estate onshore and offshore ü  Proven history of finding crash causing or unexpected behavior causing defects ü  Process Improvement of the Application Lifecycle Management Coverity Summary
  • 24.