Date: 2025-09-30

The results: Code quality, security, and compliance

“Coverity SAST is a very powerful static analysis tool that can detect issues in almost all kinds of software builds,” Leclercq noted. “For example, cross-compilation—that is, where the build and host machines are not of the same architecture—is used extensively for Thales Space onboard satellite systems. Coverity SAST is very efficient at helping us analyze low-level code such as onboard C code used in flight satellite software.”

“Using Coverity SAST has helped enhance our mandate to ensure code quality and security, as well as to enforce our compliance with SEI-CERT coding standards for C, C++, and Java, and MISRA standards for C. Most importantly, Coverity SAST allows our developers to work on their essential tasks rather than having to allot time to identifying code defects.”

“Being able to detect and manage open source vulnerabilities early in the SDLC helps lower remediation costs,” Leclercq continued. “In addition to vulnerability management, we’ve also found Black Duck SCA very useful in determining the viability of open source projects—that is, ‘is the project we’re using being maintained and updated?’—as well as keeping track of licenses for IP compliance.”

Black Duck SCA has also provided Thales Alenia Space with the means to create and maintain a software Bill of Materials (SBOM) of the open source being used in its code. Visibility into code is an important need—nearly 100% of the aerospace industry’s codebases were found to contain open source, according to the annual “Open Source Security and Risk Analysis” report.

“We’ve also been very appreciative of the support we’ve received from Black Duck,” said Leclercq. “The ongoing support for Coverity SAST over the past few years has been really good. Whenever we’ve had a problem, the Coverity SAST support team has had a solution.”

“Black Duck SCA is still relatively new to us, and we received a lot of help from the Black Duck SCA support team to address some deployment issues we ran into. I’m happy to say Black Duck SCA is now working like clockwork.”