Case Study: MEGA International achieves holistic application security and fixes 40,000 defects with Synopsys Coverity and Black Duck

MEGA International Holistic Application Security with Coverity and Black Duck

MEGA International, a global leader in enterprise architecture and maker of the HOPEX Platform, needed to validate the quality, security, and compliance of more than 5 million lines of legacy and modern code used by major financial, services, and government customers. The company also required continuous visibility into third‑party and transitive open‑source components to build a software bill of materials (BOM) and demonstrate secure data handling to SOC 2 auditors.

MEGA deployed Synopsys Coverity for static analysis and Black Duck for software composition analysis; Coverity identified stability issues and root causes while Black Duck discovered 1,700+ external components and 70 license types. Integrated into CI, the solution enabled faster risk prioritization and license management, supported a shift‑left approach and code housekeeping, and helped MEGA fix roughly 40,000 defect instances since starting the engagement in 2017.

MEGA International

Philippe Bobo

Head of Research and Development