Tuesday, September 30, 2014

Coverity Code Spotter Beta

Earlier this summer, it was announced on the Coverity Blog and via Andy Chou's Tweet that Coverity Code Spotter Beta is available. That 8 July 2014 blog post describes Coverity Code Spotter as "a free and simple to use cloud-based service built upon Coverity source code analysis technology for finding often hard-to-detect bug-causing issues in Java source code." The blog post also states that "for the duration of the beta period, participants are welcome to upload as much code as they would like and submit builds for analysis as often as they would like."

Yesterday's (29 September 2014) press release (issued in conjunction with JavaOne 2014), "Coverity Launches Code Spotter™ in Free Beta Version to Speed Defect Detection in Java Code," restates some of these observations regarding Coverity Code Spotter. It states, "Built on Coverity’s static code analysis technology, Code Spotter is available for free to the software development community during the beta period." The press release, like the July blog post, describes the types of issues in Java code that Code Spotter detects: "the most common and critical issues in Java code bases, including resource leaks, race conditions, concurrency issues, control flow issues, null pointer dereferences, issues detected by the open source FindBugs tool, copy and paste errors, and many other software defects resulting in incorrect or unpredictable program behavior."

Dennis Chu, Senior Product Manager for Coverity, provided answers to some questions I had. Those questions and answers are shown next.

Q: Is this free for open source and proprietary code bases?
A: Yes, both open source and proprietary Java code bases can utilize Code Spotter without any limitations during the beta period.

Q: Is the uploaded code made available in any way to others?
A: The uploaded code is kept completely private.

Q: Are the analysis results of the uploaded code available for others with traceability to the code that was analyzed?
A: It is currently possible for a user to download analysis results (which include issues detected as well as code snippets that help understand these issues) and share them with anyone they wish. We are working on a set of team-oriented features that would allow users to publish their results to other users within the Code Spotter application.

Q: How long does the uploaded code remain on Coverity's cloud? Can it be completely removed if desired?
A: The code can be completely removed with a click of a button. By default, the code and the results are removed within 30 days of analysis completion. Further, the code is not actually stored on Coverity servers. Instead, the code (and the analysis results) are stored in Amazon's S3 under tight access control.

There is more information about Code Spotter Beta in Chu's blog post "Code Spotter Beta: Now Available For Everyone!"
