Coverity on Polaris 2024.9.0 Release

Scheduled Maintenance Report for Staging

Completed

The scheduled maintenance has been completed.
Posted Oct 20, 2024 - 16:00 EDT

In progress

Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Oct 20, 2024 - 10:00 EDT

Scheduled

On Sunday, October 20, 2024, the Coverity on Polaris SaaS production systems will be upgraded to version 2024.9.0 during a scheduled maintenance window of 8am to 2pm Eastern Time.

What's new
Support for Coverity version 2024.9.0 with the following updates:
- Kotlin 2.0.
- Python 3.12.
- Android NDK r27 (Android NDK Clang up to 18.0.1).
- New API safety and hardcoded secret checks for Kotlin and Python. (Note: These new checkers could result in new issues found compared to previous scans.)
- The new report_bit_and option of the OVERRUN checker reports a defect if the index expression used in an array access is the result of a bitwise AND operation and the value of the mask used in that operation indicates the index may be out of bounds.
- New or updated checker support for C/C++:
  - OVERRUN checker now reports cases when a receiving buffer of a scanf-type function could be overrun.
  - OVERRUN checker now reports fewer false positives related to strlen function calls.
  - Support for std::rend in the INVALIDATE_ITERATOR checker.
  - Updates to the OVERRUN checker to report when a call to scanf contains a width specifier that might cause an overrun of the destination buffer.
  - Token patterns via CodeXM allowing ability to match preprocessor directives.
  - USE_AFTER_MOVE checker improvements to report cases where a function returns after moving a reference parameter.
- New or updated checker support for C#:
  - Support for the SESSION_FIXATION checker.
  - Ability to detect 'password' keywords for C# through the Sigma engine. The recognition of the keyword happens with or without its usage.
- New or updated checker support for Go:
  - Support for the SESSION_FIXATION checker.
- New or updated checker support for Visual Basic:
  - Added support for the SESSION_FIXATION checker.
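
The masked-index pattern described in the OVERRUN bitwise-AND item above, as an added C illustration (not Coverity output and not code from the release notes). The table, the mask values and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16u   /* constructed sample table size (power of two) */

static const uint8_t table[TABLE_LEN] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
};

/* The largest value (x & mask) can take is mask itself, reached when x
 * has every mask bit set. The index is in bounds only if mask < len. */
static int mask_keeps_index_in_bounds(uint32_t mask, size_t len)
{
    return (size_t)mask < len;
}

/* Flawed pattern: 0x1F admits indexes 0..31 for a 16-element table.
 * The unguarded form is `return table[x & 0x1Fu];`. Here the would-be
 * overrun is turned into -1 so the example stays well defined. */
static int lookup_wide_mask(uint32_t x)
{
    uint32_t idx = x & 0x1Fu;              /* mask too wide for table[] */
    if (idx >= TABLE_LEN)
        return -1;                         /* table[idx] would overrun */
    return table[idx];
}

/* Corrected pattern: mask derived from the power-of-two table length. */
static int lookup_tight_mask(uint32_t x)
{
    uint32_t idx = x & (TABLE_LEN - 1u);   /* 0..15 only */
    return table[idx];
}

int main(void)
{
    printf("0x1F safe for 16 entries: %d\n",
           mask_keeps_index_in_bounds(0x1Fu, TABLE_LEN));
    printf("0x0F safe for 16 entries: %d\n",
           mask_keeps_index_in_bounds(0x0Fu, TABLE_LEN));
    printf("wide(0x13)=%d tight(0x13)=%d\n",
           lookup_wide_mask(0x13u), lookup_tight_mask(0x13u));
    return 0;
}
```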

"Not Specified" has been added as a category of issue severities in reports so that the issue severities and counts will match in your reports and dashboard.
- Note: This update is for the Coverity on Polaris main platform only and is not yet available in the Reporting Platform.

Migration to Black Duck and important notes for Coverity on Polaris customers
- The Synopsys Software Integrity Group (SIG) is now Black Duck Software, Inc.
- Coverity on Polaris branding updates, including URL domain changes, reporting/email template updates, and UI changes, will be done in an upcoming minor release.
- In preparation for the upcoming change, please update your allow list to add the following URLs and IP addresses to help with the transition:
  - https://tools.cop.blackduck.com (IP address 34.49.24.155)
  - https://storage-us.cop.blackduck.com (IP address 130.211.21.249)
  - https://storage-eu.cop.blackduck.com (IP address 34.36.253.210)
  - https://.cop.blackduck.com (no change to IP address)
- With the 2024.9.0 release, Coverity on Polaris will send automated emails via noreply@blackduck.com.
  - Please update spam filters and email automation scripts to include noreply@blackduck.com to avoid interruptions.
- Additional URL changes of note include:
  - https://sig-repo.synopsys.com is now https://repo.blackduck.com/.
  - https://community.synopsys.com/s/ is now https://community.blackduck.com/.
- Learning and support resources have moved:
  - Black Duck Community: https://community.blackduck.com/.
  - Black Duck Academy: http://blackduck.skilljar.com/.
  - Black Duck on YouTube: https://www.youtube.com/@BlackDuckSoftware.
  - Find documentation for other Black Duck products here: https://documentation.blackduck.com/.
- Please see the Black Duck Domain Change FAQ for more information, including updates as they occur.

Deprecations:
Support for the following is deprecated and will be removed in a future release:
- Coverity 2023.12.1
- Kotlin 1.9
- Open/Oracle JDK 22
- .NET 6
- macOS 12
- Go 1.21
- LLVM Clang 9.0
- fs_capture_build_options (Note: No action is required as arguments will automatically be translated to a comparable capture mechanism)

Removal of support:
Support for the following will be removed with this release:
- Coverity 2023.9.2
- Kotlin 1.8
Posted Oct 15, 2024 - 15:59 EDT
This scheduled maintenance affected: Integration Services, Reporting Services, Rest Services, SCAN Services, UI Services, and BLA.