Black Duck Coverity (REST)
Black Duck Coverity (REST) is an application security tool that scans your organization's code projects for defects. You can bring defect, project, and stream data from Coverity into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Coverity and how to obtain that information from Coverity. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Black Duck Coverity (REST) from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Black Duck Coverity with Brinqa:
-
Server URL: Your organization's Black Duck Coverity server URL. The default URL format is
https://<server_name>. -
Username and Password: The username and password associated with the Black Duck Coverity account, which must have permissions to log in to the API server and return data. For additional information, see Create a Coverity user account.
Create a Black Duck Coverity user account
For the Black Duck Coverity (REST) connector to use the Coverity API, Brinqa recommends creating a dedicated user account in Black Duck Coverity with the appropriate role to retrieve data. To create the user account, follow these steps:
-
Log in to your organization's Black Duck Coverity server as an administrator.
-
Navigate to Configuration > Users & Groups.
-
Click Add and create a new user account.
Complete the Username, First name, Last name, Email, and Password fields. Leave the remaining fields as-is.
-
Click Create.
The new user account is now created but does not yet have any assigned roles or permissions. To assign a role to the user, follow these steps:
-
In the Users & Groups section, locate the newly created user account in the list.
-
Select the account, click the Roles tab, then click Edit under the Global scope.
Roles assigned under the Global scope apply across all projects. If your organization enforces project-specific permissions, ensure that the user account has access to all relevant data scopes. For additional information on roles and access management, see the Coverity documentation on roles and role-based access control
-
Select the Observer role from the list of available roles.
The Observer role is considered the minimum role required to access the Coverity API and retrieve data.
-
Click OK, then click Done to ensure that you save your changes.
If you do not have permissions to create a new account or assign roles, contact your Black Duck Coverity administrator. For additional information, see the Black Duck Coverity documentation on configuring users and roles.
(Optional) Create a Black Duck Coverity service account
In addition to creating a new user account with the Observer role, you can also create and assign a service account to your project(s) in Black Duck Coverity. A service account is a dedicated account that is used for automated processes and integrations, such as the Black Duck Coverity (REST) connector. For additional information, see Black Duck Coverity documentation on how to create a service account and assign it to a project.
Additional settings
The Black Duck Coverity (REST) connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 4.
-
Maximum retries: The maximum number of times that the integration attempts to connect to the Coverity API before giving up and reporting a failure. The default setting is 5.
-
Skip certificate verification: Select this option to allow for untrusted certificates.
-
Request timeout (ms): The time allotted, in milliseconds, before a request times out. The minimum is 60,000 milliseconds (1 minute), the maximum is 3,600,000 milliseconds (1 hour), and the default setting is 300,000 milliseconds (5 minutes). Although it is not recommended, you can also enter zero (0) to disable timeouts.
Types of data to retrieve
The Black Duck Coverity (REST) connector can retrieve the following types of data from the Coverity API:
Table 1: Data retrieved from Black Duck Coverity
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Defect | Yes | Static Code Finding |
| Defect Type | Yes | Static Code Finding Definition |
| Project | Yes | Code Project |
| Stream | Yes | Code Repository |
The Black Duck Coverity (REST) connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Black Duck Coverity (REST) in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Defect
Table 2: Defect attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| ACTION | Local variable |
| CATEGORIES | categories |
| CLASSIFICATION | Local variable |
| COMPONENT | Local variable |
| EVENTS | Local variable |
| EXTERNAL_REFERENCE | Local variable |
| FILE_NAME | fileName |
| FIRST_FOUND | firstFound |
| FIRST_SNAPSHOT_DATE | Local variable |
| FIRST_SNAPSHOT_DESC | Local variable |
| FIRST_SNAPSHOT_ID | Local variable |
| FIRST_SNAPSHOT_STREAM | Local variable |
| FIRST_SNAPSHOT_TARGET | Local variable |
| FIRST_SNAPSHOT_VERSION | Local variable |
| FIX_TARGET | Local variable |
| FUNCTION_NAME | Local variable |
| LAST_FIXED | lastFixed |
| LAST_FOUND | lastFound |
| LAST_SNAPSHOT_DESC | Local variable |
| LAST_SNAPSHOT_ID | Local variable |
| LAST_SNAPSHOT_STREAM | Local variable |
| LAST_SNAPSHOT_TARGET | Local variable |
| LAST_SNAPSHOT_VERSION | Local variable |
| LAST_TRIAGED | Local variable |
| LEGACY | Local variable |
| MERGE_KEY | Local variable |
| NAME | name |
| OCCURRENCES | Local variable |
| OWNER | Local variable |
| OWNER_NAME | Local variable |
| PROJECT_ID | Local variable |
| PROJECT_NAME | Local variable |
| PROVIDER_STATUS | providerStatus |
| RESULTS | results |
| SEVERITY | severity |
| SOURCE_STATUS | sourceStatus |
| STATUS | status |
| STATUS_CATEGORY | statusCategory |
| TARGETS | targets |
| TYPE | type |
| UID | uid |
Defect Type
Table 3: Defect Type attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| CATEGORIES | categories |
| CHECKER | Local variable |
| CWE_IDS | cweIds |
| IMPACT | Local variable |
| LANGUAGES | languages |
| NAME | name |
| SEVERITY | severity |
| SEVERITY_SCORE | severityScore |
| SOURCE_SEVERITY | sourceSeverity |
| UID | uid |
| WEAKNESSES | weaknesses |
Project
Table 4: Project attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| CATEGORIES | categories |
| DESCRIPTION | description |
| NAME | name |
| SOURCE_CREATED_DATE | sourceCreatedDate |
| SOURCE_LAST_MODIFIED | sourceLastModified |
| STATUS | status |
| UID | uid |
Stream
Table 5: Stream attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| CATEGORIES | categories |
| DESCRIPTION | description |
| LANGUAGES | languages |
| NAME | name |
| OUTDATED | Local variable |
| PROJECT_NAME | Local variable |
| PROJECTS | projects |
| STATUS | status |
| UID | uid |
APIs
The Black Duck Coverity (REST) connector uses the Coverity Platform REST Web Services API. Specifically, it uses the following endpoints:
Table 6: Black Duck Coverity (REST) API Endpoints
| Connector Object | API Endpoints |
|---|---|
| Defect | POST https://<hostname>/api/v2/issues/search |
| Defect Type | POST https://<hostname>/api/v2/issues/search |
| Project | GET https://<hostname>/api/v2/projects?locale=en_US&queryType=bySnapshot&includeColumnLabels=false |
| Stream | GET https://<hostname>/api/v2/projects/{projectName}/streams?locale=en_US& |
GET https://<hostname>/api/v2/projects?locale=en_US&queryType=bySnapshot&includeColumnLabels=false |
Changelog
The Black Duck Coverity (REST) connector has undergone the following changes:
This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.
Table 7: Black Duck Coverity (REST) connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.2.2 | Added CATEGORIES and STATUS attributes in the Stream object. | December 24th, 2025 |
| 3.2.1 | Initial Integration+ release. | November 25th, 2025 |