International Cyber Expo International Cyber Expo
  • About Us
Tuesday, 14 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Black Duck Adds AI-Powered Triage and CRA-Ready Checks to Coverity Static Analysis

New MCP server and IDOR detector aim to bring deterministic scan results into agentic coding workflows, as vendor positions Coverity for incoming EU Cyber Resilience Act obligations.

by Guru Writer
July 14, 2026
in News
Black Duck Adds AI-Powered Triage and CRA-Ready Checks to Coverity Static Analysis
Share on FacebookShare on Twitter

Black Duck has rolled out a set of AI-driven and compliance-focused updates to Coverity, its static application security testing (SAST) tool, as the application security vendor looks to align the two-decade-old product with both the rise of AI-assisted coding and tightening European regulation.

The release marks the first time AI-powered features have shipped in Coverity, and Black Duck was keen to stress that the new capabilities can be run against a customer’s own choice of large language model, rather than a vendor-hosted service. The company said this was designed to give security and development teams control over where code and scan data are processed, a point it framed as particularly relevant for regulated industries and organisations with strict data governance requirements.

AI features aimed at cutting false positives

Chief among the additions is an AI-assisted issue triage capability, which Black Duck says is tuned to reduce false positives in C and C++ findings, a long-standing pain point for teams working in those languages, while also improving triage accuracy across the rest of Coverity’s supported languages.

Coverity has also gained a Model Context Protocol (MCP) server, allowing AI coding agents to trigger local Coverity scans and pull security and quality findings directly into their workflow. Black Duck’s pitch is that this lets agentic tools act on deterministic, reproducible scan output rather than relying purely on a model’s own probabilistic judgement of whether code is safe.

A new checker adds AI-powered detection of Insecure Direct Object Reference (IDOR) flaws in JavaScript and TypeScript codebases. IDOR vulnerabilities occur when an application exposes internal identifiers, such as user IDs, database keys or filenames, without properly checking that the requester is authorised to access them, a class of bug that has featured heavily in API-related breach disclosures.

Positioning for the Cyber Resilience Act

With reporting deadlines under the EU Cyber Resilience Act approaching, Black Duck used the update to introduce two compliance-oriented features. A new Security Impact Lens lets users sort and filter findings by security priority, bringing to security triage the kind of prioritisation Coverity has historically applied to code quality issues. Alongside it, a CRA-aligned checker option is intended to map scan results more directly to the vulnerability management and cybersecurity obligations set out in the regulation.

The update also extends language coverage to Rust 1.92, and introduces a refreshed user interface with reworked navigation and issue filtering, which Black Duck says is intended to speed up triage for teams working through large volumes of findings.

“Coverity has set the gold standard for static analysis for more than two decades, and we’re raising the bar by pairing its deterministic precision with the speed of AI, meeting customers where modern software development is heading,” said Dipto Chakravarty, Chief Product & Technology Officer at Black Duck.

“Code today is written, reviewed, and shipped by agents, and businesses have to move at machine speed to stay ahead,” Chakravarty added, arguing the update delivers AI-driven triage without sacrificing auditability, agentic workflow integration via the MCP server, and tooling that makes CRA readiness “operational, not aspirational.”

Black Duck said all of the new capabilities are now generally available to existing Coverity customers, who gain access to the AI-powered features without changes to the deterministic, auditable scanning the product is built around. Further detail is available via the Coverity Documentation Portal.

ShareTweet
Previous Post

AI has crossed from assistant to operator, Check Point research warns

Recent News

Black Duck Adds AI-Powered Triage and CRA-Ready Checks to Coverity Static Analysis

Black Duck Adds AI-Powered Triage and CRA-Ready Checks to Coverity Static Analysis

July 14, 2026
AI Appreciation Day: Celebrating Progress, Embracing Responsibility

AI has crossed from assistant to operator, Check Point research warns

July 14, 2026
Q&A: Cyber’s Headed Back to the CSIDES

Q&A: Cyber’s Headed Back to the CSIDES

July 13, 2026

UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts, Check Point Research Reveals

July 13, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol