Coverity Scan regularly goes down for hours or days.<p>In February of 2018 it was down for over a month with no word or ETA on when it would be fixed. I hadn't thought about it since then (we discontinued use), but researching it now they released a statement saying that it was hacked. There was not a single status update during the outage. <a href="https://www.theregister.co.uk/2018/03/19/coverity_scan_cryptomining/" rel="nofollow">https://www.theregister.co.uk/2018/03/19/coverity_scan_crypt...</a>
I wonder who the hosting provider was. I'm not seeing much in the news about one that "unexpectedly ceased operations", just the expected background news of scattered outages.
Coverity is really good. It is a pity some of its advances, effective in practice but not really "publishable", will forever remain as proprietary secret.<p>Source: I worked on static code analysis product and we extensively black-box tested Coverity.
Has anyone tried LGTM / Semmle QL for automated code review? They claim 100K OSS projects are using the service. It's a bit hard to find technical information on the product, but they have found CVEs in mainstream products, including iOS.<p><a href="https://lgtm.com" rel="nofollow">https://lgtm.com</a> & <a href="https://semmle.com/ql" rel="nofollow">https://semmle.com/ql</a>
> Coverity Scan is a free static code analysis tool for Java, C, C++, C# and JavaScript. It analyzes every line of code and potential execution path and produces a list of potential code defects.<p>There we go, I had no clue what this even was. Do a lot of people here use it?
Wouldn't it be great if professional websites will someday get to the level of non-professional websites? E.g. by giving this announcement page a proper title: "Coverity Scan Outage".<p>Update is a change, this is an outage.