Coverity introduces build analysis tool, new Integrity Center |
 |
By Colleen Frye, Contributor
14 Apr 2009 | SearchSoftwareQuality.com |
|
|
Coverity this week announced a new software build analysis product along with the bundling of all its software analysis products into one offering called the Coverity Integrity Center.
Coverity Build Analysis automatically scans software builds to analyze and pinpoint the root cause of build defects, find compliance violations and detect quality and security issues introduced during the build.
Ben Chelf, CTO at San Francisco-based Coverity Inc., called build analysis an "untapped arena."
"There are lots of ways to specify a build and ways to manage a build system, like Hudson, CruiseControl, Electric Commander, but they don't give development organizations insight as to what's happening," he said. "The build can break, there are security ramifications, there are performance bottlenecks for developers as they're waiting for builds to finish."
It's a problem, said Jeffrey Hammond, a principal analyst at Cambridge, Mass.-based Forrester Research Inc. "Software builds are potentially huge time sinks for organizations, especially large ones." From his own experience analyzing the problem at a previous company, "I was shocked at how much we were spending to try to maintain the build in our software product libraries," he said.
According to Hammond, "The last thing teams want to do is start messing with builds that are working. That's where what Coverity is doing starts to be interesting for teams. They want to get better and be modular, but they don't want to touch existing stuff without an idea of how evolving that will affect the build. So a build analysis to identify specific ways to improve [the process] is a natural step forward."
Coverity's Chelf said the intent is to improve the quality of the overall software system. "When the build doesn't do what it's supposed to do, the product doesn't work right," he said. "So you look for a problem in the code, but it may be in the build system itself."
Chelf said a build analysis would help determine if the build should be taking as long as it is, or if it could be done faster, for instance. "There are huge variations we've seen in how long builds take for similar-sized code bases," he explained.
Tracking down issues with the build is time-consuming, Chelf said. "For example, when you compile a file it gets an object file, and that gets linked in with other object files. The build system puts that all together, but if the build system is not constructed correctly, if you change the code it may not compile all the files it's supposed to. So you get a stale version, and even if the build doesn't break the developer is left with an executable to run through test cases that fails, but in reality the build was faulty. So you spend time tracking down a problem with the code, but then you realize you're using a stale version. Every developer has probably spent time with that."
Coverity Build Analysis is agnostic to build systems, Chelf said, so can be used with any existing build product.
While other products have some capabilities to address problems with the build itself, Forrester's Hammond said Coverity is unique in how it's tying the build analysis "into a large set of dependency analyses." He continued, "It's great to have these capabilities at the build part, but if you can link that with architectural analysis and pull it into an overall assessment, it gives me a higher level of insight into how good and robust the software will be."
Coverity Integrity Center, which includes Coverity Build Analysis, as well as Coverity Architecture Analysis, Coverity Dynamic Analysis and the Coverity Prevent static analysis product, "is designed to provide software integrity throughout the lifecycle," Chelf said. "People are wasting a lot of time fixing problems too late."
Coverity Integrity Center and Coverity Build Analysis are available now. Pricing for Integrity Center is based on a lines-of-code pricing model.
|
|
|
|
