Sorry, not available in this language yet

English
日本語
简体中文

AI-generated code | Harness the power of AI coding assistants while managing the risks.
API Security Testing | Manage software risks with a holistic API security testing program.
AppSec Program Consolidation | Simplify your application security program.
Application Security Testing | Solutions to address security risks at all stages of the application life cycle.
DevSecOps | Solutions to help shift security left without slowing down your development teams.
Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.
Manage Enterprise AppSec Risk | Scale your application security program without increasing complexity or adding friction.
Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud.
Open Source License Compliance | Effective solutions for ensuring open source license compliance.
M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.
Quality and Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators.

Static Analysis (SAST) | Analyzing code for security vulnerabilities without executing it.
Software Composition Analysis (SCA) | Analyzing software components for security and license compliance.
Dynamic Analysis (DAST) | Testing running applications for security vulnerabilities.
Interactive Analysis (IAST) | Real-time security testing during application execution.
Penetration Testing | Simulated cyberattacks to identify vulnerabilities.
Mobile Application Security Testing (MAST) | Ensuring the security of mobile applications.
Application Security Posture Management (ASPM) | Managing and improving application security posture.
Fuzz Testing Solutions | Identifying vulnerabilities by inputting random data to applications.

Automotive | Security solutions for automotive industry applications.
Financial Services | Security solutions tailored for financial services.
IoT & Embedded | Security for Internet of Things and embedded systems.
Medical Devices | Security solutions for medical devices.
Public Sector | Security solutions for government and public sector organizations.

Dev and DevOps Teams | Security tools and practices for development and DevOps teams.
Security Teams | Solutions and support for dedicated security teams.
Legal Teams | Resources and compliance tools for legal teams.

Ensuring Software Reliability and Security from Design Through Development

The challenge: Addressing code quality and security

Governments and companies alike rely on Thales Alenia Space, Europe’s largest satellite manufacturer, for satellite-based systems that are used for navigation, Earth observation, space exploration, and to help connect everyone everywhere.

“Thales has a corporate mandate that cybersecurity risk will be addressed at every level of application creation,” said Nicolas Leclercq, product security officer for software engineering at Thales Alenia Space. “Our focus is on ensuring that the code we develop in-house does not include defects that may be lead to vulnerability and exploit by attackers. We base our coding rules on SEI CERT, an internationally recognized coding standard to improve the reliability and security of software from design through development.”

“As product security officer, my role encompasses helping our groups set the level of cybersecurity they want and to promote the right security tools to introduce into our continuous integration pipeline,” Leclercq added. “We have a corporate group focused on identifying the best tools we can use to meet internal and industrial standards. That group recommended Black Duck as having the right set of tools to implement our security practices.”

Whether a software factory or restricted/confidential environments, Coverity SAST is available to all Thales Alenia Space France employees and projects."

Nicolas Leclercq

Thales Alenia Space

The solution: Coverity SAST and Black Duck SCA

“Black Duck^® Coverity^® Static Analysis (SAST) helps Thales Alenia Space ensure that the software we develop in-house does not include coding defects. We use Coverity SAST to help maintain code quality and to comply with industrial standards such as MISRA and the HIS Metriken set.”

A fast, accurate, and highly scalable static analysis testing solution, Coverity SAST helps Thales Alenia Space development and security teams address security and quality defects early in the software development life cycle (SDLC). It also helps development and security teams track and manage risks and ensure compliance with security and coding standards.

“Coverity SAST is primarily used in our automatic continuous integration pipeline,” said Leclercq. “The pipeline is fully automated to help developers focus on essential tasks. Currently, we serve more than 200 projects and are testing several million lines of code. Any code commit automatically triggers a Coverity analysis.”

“[The flexibility of] Coverity server deployment and licensing allows us to deploy many instances matching the diversity of our environments. Whether a software factory or restricted/confidential environments, Coverity SAST is available to all Thales Alenia Space France employees and projects,” Leclercq said.

Introduced in June 2021, Black Duck^® SCA (software composition analysis) is still relatively new at Thales Alenia Space. “Black Duck SCA’s signature scanner’s ability to detect open source components in multiple ways is a unique and useful feature,” said Leclercq. “As with our Coverity SAST deployment, any introduction of a new artifact or when dependencies are modified will trigger a Black Duck SCA scan. We’re currently supporting approximately 100 projects with Black Duck SCA, and expect to reach the same number of projects as our Coverity SAST deployment by the end of 2022.”

Being able to detect and manage open source vulnerabilities early in the SDLC helps lower remediation costs."

Nicolas Leclercq

Thales Alenia Space

The results: Code quality, security, and compliance

“Coverity SAST is a very powerful static analysis tool that can detect issues in almost all kinds of software builds,” Leclercq noted. “For example, cross-compilation—that is, where the build and host machines are not of the same architecture—is used extensively for Thales Space onboard satellite systems. Coverity SAST is very efficient at helping us analyze low-level code such as onboard C code used in flight satellite software.”

“Using Coverity SAST has helped enhance our mandate to ensure code quality and security, as well as to enforce our compliance with SEI-CERT coding standards for C, C++, and Java, and MISRA standards for C. Most importantly, Coverity SAST allows our developers to work on their essential tasks rather than having to allot time to identifying code defects.”

“Being able to detect and manage open source vulnerabilities early in the SDLC helps lower remediation costs,” Leclercq continued. “In addition to vulnerability management, we’ve also found Black Duck SCA very useful in determining the viability of open source projects—that is, ‘is the project we’re using being maintained and updated?’—as well as keeping track of licenses for IP compliance.”

Black Duck SCA has also provided Thales Alenia Space with the means to create and maintain a software Bill of Materials (SBOM) of the open source being used in its code. Visibility into code is an important need—nearly 100% of the aerospace industry’s codebases were found to contain open source, according to the annual “Open Source Security and Risk Analysis” report.

“We’ve also been very appreciative of the support we’ve received from Black Duck,” said Leclercq. “The ongoing support for Coverity SAST over the past few years has been really good. Whenever we’ve had a problem, the Coverity SAST support team has had a solution.”

“Black Duck SCA is still relatively new to us, and we received a lot of help from the Black Duck SCA support team to address some deployment issues we ran into. I’m happy to say Black Duck SCA is now working like clockwork.”

“Using Coverity SAST has helped enhance our mandate to ensure code quality and security as well as to enforce coding standards."

Nicolas Leclercq

Thales Alenia Space

Download the PDF

Company Overview

A business unit of the Thales Group, Thales Alenia Space delivers cost-effective solutions for telecommunications, navigation, Earth observation, environmental management, exploration, and science and orbital infrastructures. Thales Alenia Space has approximately 8,900 employees in 10 countries and posted consolidated revenues of approximately €2.15 billion in 2021.

Ensuring Software Reliability and Security from Design Through Development

The challenge: Addressing code quality and security

The solution: Coverity SAST and Black Duck SCA

The results: Code quality, security, and compliance

Company Overview

Related content

Build Security Into Your SDLC With Coverity

DevSecOps Strategy Guide

Coverity Static Analysis Datasheet

Gartner® Magic Quadrant™ for Application Security Testing

The Forrester Wave™: SAST, Q3 2023

Holistic Application Security with Coverity and Black Duck