CIO Influence
CIO Influence News Machine Learning Security

Black Duck Accelerates Coverity with AI-Powered Enhancements and EU CRA-Ready Capabilities

Black Duck Accelerates Coverity with AI-Powered Enhancements and EU CRA-Ready Capabilities

Black Duck Logo

New features enable teams to maximize AI-assisted development, streamline vulnerability triage, and meet with emerging security and compliance requirements

Black Duck, the leader in AI-powered application security, unveiled new capabilities across its Coverity® static analysis solution.  The updates advance AI-powered development and security capabilities, support compliance workflows for the EU Cyber Resilience Act (CRA) and other emerging regulations, and deliver a range of user experience enhancements.

Together, the updates mark the arrival of Coverity’s first AI-powered features into customer hands, extend Coverity into modern AI-assisted development workflows, and give security and development teams the ability to prioritize findings by security impact, directly supporting conformance with emerging regulatory obligations.

Coverity’s new AI capabilities are also designed to run on the customer’s own LLM of choice, giving organizations full control over where their code and scan data are processed, a critical requirement for regulated industries and enterprises with strict data governance policies.

Also Read: CIO Influence Interview with Hugo Dozois-Caouette, CTO and Co-founder at MaintainX

Deterministic Static Analysis, Now Amplified by AI

Each of the AI-powered capabilities below is designed to operate with the customer’s own LLM, so organizations retain control over model choice, data residency, and audit trails, extending Coverity’s long-standing commitment to trust and transparency into the AI era.

  • AI-Assisted Issue Triage: This feature is optimized for triage of C and C++ findings, which can be prone to higher levels of false positives, while also delivering significantly improved issue triage across all other supported languages.
  • Security Scan MCP Server for AI Coding Agents: A new Model Context Protocol server enables AI coding agents to run local Coverity scans and surface security and quality issues in-context, bringing Coverity’s deterministic, reproducible scan results into agentic workflows so AI coding agents act on verified truth, not probabilistic guesses.
  • New AI-Powered IDOR Vulnerability Detection: A new security checker that identifies Insecure Direct Object Reference (IDOR) vulnerabilities in JavaScript and TypeScript code. This class of flaw arises when applications expose internal identifiers (e.g., user IDs, database keys, filenames) without verifying authorization before performing an action.

Purpose-Built Capabilities to Support CRA Readiness

With the CRA vulnerability management reporting countdown underway, Coverity is delivering foundational capabilities that help align scan results with regulatory expectations:

  • New Security Impact Lens: Users can now sort and filter issues by security priority, bringing the same rigor to security prioritization that Coverity has long offered for code quality. This lens directly supports conformance with the CRA.
  • CRA-Aligned Checker Option: A new option enables checkers that support organizations’ efforts to meet both the vulnerability management and cybersecurity obligations of the new CRA regulations, so scan results are aligned to these requirements out of the box.

Rust Programming Language Support

Coverity now analyzes Rust 1.92, extending quality and security analysis support to one of the fastest-growing systems programming languages.

A Streamlined Experience for Faster, Focused Triage

A new Coverity user interface streamlines the workflows customers use most. Refreshed navigation, smarter issue filtering, and a more efficient triage experience help teams cut through large volumes of findings with less friction.

“Coverity has set the gold standard for static analysis for more than two decades, and we’re raising the bar by pairing its deterministic precision with the speed of AI, meeting customers where modern software development is heading,” said Dipto Chakravarty, Chief Product & Technology Officer at Black Duck. “Code today is written, reviewed, and shipped by agents, and businesses have to move at machine speed to stay ahead. These updates deliver exactly that: AI that slashes triage time without sacrificing auditability, an MCP server that brings Coverity into agentic developer workflows, and new lenses and checkers that make CRA readiness operational, not aspirational.”

Catch more CIO Insights: What Does “Job-Ready” Really Mean in IT and Cybersecurity?

[To share your insights with us, please write to psen@itechseries.com ]

Related posts

Qumulo Launches Recover Q to Help Defend Enterprises Against Ransomware Attacks

CIO Influence News Desk

Chethan Visweswar Joins the Movius Executive Team

PR Newswire

FriendliAI Launches Public Beta of PeriFlow Cloud

Business Wire