Coverity Scan

Static Analysis

Find and fix defects in your Java, C/C++, C#, JavaScript, Ruby, or Python open source project for free

  • Test every line of code and potential execution path.
  • The root cause of each defect is clearly explained, making it easy to fix bugs.
  • Integrated with

More than 4400 open source projects and 20000 developers use Coverity Scan


Updated Build Limits

Effective immediately, the build limits have been increased across all project sizes.

The number of weekly builds per project is as follows:

  • Up to 28 builds per week, with a maximum of 4 builds per day, for projects with fewer than 100K lines of code
  • Up to 21 builds per week, with a maximum of 3 builds per day, for projects with 100K to 500K lines of code
  • Up to 14 builds per week, with a maximum of 2 builds per day, for projects with 500K to 1 million lines of code
  • Up to 7 builds per week, with a maximum of 1 build per day, for projects with more than 1 million lines of code

As before, once a project reaches the maximum builds per week, additional build requests will be rejected.


Coverity 8.7.0 has been released!

This release includes new and improved support for the Jack-and-Jill Android Toolchain. In addition, there are a number of new checkers available for C#/Java/Android/JavaScript.

The following improvements have been made:

  • Support for C++11 noexcept exception specifiers has been improved for implicitly declared special member functions.
  • Support for C++11 noexcept exception specifiers has been improved.
  • Added parsing support for the C11 atomic feature.
  • Support for Clang modules has been added. It is no longer necessary to disable Clang modules support in native builds in order to capture a build.
  • Added support for Clang version 3.9.
  • Uncaught exception defects will now be reported for functions declared with the C++11 noexcept exception specifier.
  • Apple Clang 8.0 is now supported.

All users who are experiencing build issues should upgrade to this version; a number of bugs have been fixed with this release.

WARNING: Linux users on kernel version 4.8.x and newer will need to apply a sysctl parameter to support our binaries. Without this parameter, our binaries will not work on your platform. This is a known issue which we will address with a future release.

# sysctl vsyscall=emulate


Version 7.6.0.x is no longer supported.

The current supported versions are:

  • 7.7.0.x (to be retired July 2017)
  • 8.5.0.x
  • 8.7.0.x

Users are encouraged to download the latest tools in Downloads.

Going forward, only the latest three releases will be supported. This means projects should expect to update their tools approximately once a year (or more frequently to get the latest features and support).


Interested in open source quality?

Check out what's happening with your favorite open source projects.

Get Started in 3 Easy Steps


1. Sign up and register your project
2. Upload your build for analysis
3. View and fix your defects