Coverity Scan

Static Analysis

Find and fix defects in your Java, C/C++, C#, JavaScript, Ruby, or Python open source project for free

  • Test every line of code and potential execution path.
  • The root cause of each defect is clearly explained, making it easy to fix bugs
  • Integrated with

More than 6100 open source projects and 29000 developers use Coverity Scan


Coverity SCAN upgrade in progress

2019 June 17

Project creation and access to triage data is disabled during the upgrade process.

Coverity Upgrade to 2019.03

2019 June 7

Attention SCAN users! We will begin upgrading the Coverity tools in SCAN on Monday, 17 June at 0900 MDT to make this free service even better. The SCAN team has been hard at work stabilizing the service and getting ready for this upgrade.

SCAN will be switched to read-only during the upgrade, locking registration and triage, and halting builds. Defect data may be unavailable at times. The upgrade is expected to take three to five days.

After the upgrade, a new version of the Coverity build package will be available for download. The old 8.7 version some users are still using will no longer work after the upgrade. Be sure to download the new build package.

Full details of new features are available at the Community Site.

Please Reset Your Password

2018 March 16

Beginning March 16th 2018, all registered SCAN users are required to reset their passwords before accessing their projects. Please update your password.


We've finally launched our new community site! If you have questions regarding SCAN or are looking for answers regarding our tools, feel free to post them here.



Coverity 2017.07 has been released!

There are an number of checker additions and improvements for node.js as well as updated language support.

The following improvements have been made:

  • Support for C# 7.
  • Support for VS 2017 compiler (version 19.10).
  • Support for clang 4.0.
  • Support for gcc 7.

All users who are experiencing build issues should upgrade to this version; a number of bugs have been fixed with this release.

WARNING: Linux users on kernel version 4.8.x and newer will need to apply a sysctl parameter to support our binaries. Without this parameter, our binaries will not work on your platform. This is a known issue which we will address with a future release.

# sysctl vsyscall=emulate

Supported Versions

Versions 7.7.0.x and older are no longer supported.

The current supported versions are:

  • 8.5.0.x (to be retired January 2018)
  • 8.7.0.x
  • 2017.07

Users are encouraged to download the latest tools in Downloads.

Going forward, only the latest three releases will be supported. This means projects should be expected to update their tools approximately once a year (or more frequently if you want the latest features/support).

Updated Build Limits

Effective immediately, the build limits have been increased across all project sizes.

The number of weekly builds per project are as follows:

  • Up to 28 builds per week, with a maximum of 4 builds per day, for projects with fewer than 100K lines of code
  • Up to 21 builds per week, with a maximum of 3 builds per day, for projects with 100K to 500K lines of code
  • Up to 14 builds per week, with a maximum of 2 build per day, for projects with 500K to 1 million lines of code
  • Up to 7 builds per week, with a maximum of 1 build per day, for projects with more than 1 million lines of code
As before, once a project reaches the maximum builds per week, additional build requests will be rejected.

Interested in open source quality?

Check out what's happening with your favorite open source projects.

Find Your Project

Free Report

Agile Security Manifesto

Learn how adding four principles to your Agile process can help you integrate critical security measures in a natural, efficient way.

Get the eBook

Get Started in 3 Easy Steps


1. Sign up and register your project


2. Upload your build for analysis


3. View and fix your defects