The results: Effortless compliance and risk reduction

Effortless compliance with Coverity SAST

Complying with industry standards and regulations can be daunting, especially as development speeds increase and it becomes progressively harder to locate code, identify defects, and ensure quality. Knowing how to address violations after they are found can be even more daunting. Coverity SAST makes it easy to filter identified issues by category, view trend reports, prioritize remediation of vulnerabilities based on criticality, and most importantly, manage policy compliance across teams and projects.

CEVA was able to quickly integrate Coverity SAST into its CI/CD processes, and then demonstrate that it was satisfying industry regulation requirements. Leibovich found that Coverity SAST “increased code quality and security,” helped “find defects with a low false positive rate,” and “enforced coding standards like MISRA C and AUTOSAR C++.” Most importantly, Coverity SAST easily “integrated with [its] internally developed compiler,” meaning existing development activities were uninterrupted and unhindered by the addition of a new solution.

Reduced risk with Black Duck SCA

Without a complete picture of the code within an application portfolio—specifically open source—an organization exposes itself to security, license compliance, and code quality risks. License compliance violations can result in costly litigation or compromise an organization’s valuable intellectual property.

Black Duck SCA helped CEVA eliminate license compliance risk from its development environment. After investigating several tools, CEVA found that Black Duck SCA would be the easiest to integrate and the least disruptive to its thriving security program, while also delivering results right away. Leibovich said that Black Duck SCA “integrated open source identification and management within our SDLC” and helped “identify open source licenses in use”—all critical activities for minimizing risk associated with license noncompliance.

Black Duck helped CEVA bolster its security efforts and bring security into alignment with the quality of its solution offerings. And by increasing security and compliance efforts, CEVA has reinforced that customers can trust its products. Leibovich summarized the company’s new-found security posture, stating that “CEVA can show that we are working according to safety protocols, and we have no issues with customers due to open source usage. We can show code is going through a static analysis tool and [we] therefore [have] better-quality software. And we can show that CEVA is working according to safety protocols.”

Now, Coverity SAST and Black Duck SCA scans are initiated automatically within CEVA’s development pipelines. They are providing detailed reports that developers and managers can use to ensure security and compliance, allowing teams to focus on what they do best—developing the industry-leading processor and platform IP solutions they are known for.