Coverity Reviews

Name: Coverity
Brand: Black Duck
Rating: 4 (41 reviews)

3.9 out of 5

41 reviews
88% willing to recommend

346 followers

What is Coverity?

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Get the Coverity Buyer's Guide and find out what your peers are saying about Coverity, SonarQube Server (formerly SonarQube), Veracode and more!

Coverity is the #4 ranked solution in AST tools. PeerSpot users give Coverity an average rating of 7.8 out of 10. Based on the analysis of the 41 most recent Coverity reviews, the overall sentiment is positive, with a sentiment score of 6.5. (Among the lowest in the category). Coverity is most commonly compared to SonarQube Server (formerly SonarQube): Coverity vs SonarQube Server (formerly SonarQube). Coverity is popular among the large enterprise segment, accounting for 77% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 32% of all views.

Helped 814,649 peers since 2012

Featured reviews

Md. Shahriar Hussain

Cyber Security Chartered Engineer at Banglalink

The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.

Read full review

Arun Dahiphale

Technical Architect at Elastic Care Inc

The scan of the repository has been most effective in identifying critical vulnerabilities. The product provided visibility over security-related issues like hard coding and values getting exposed in a log. It helped us resolve difficult issues. With CI/CD integration, we could scan the incremental commits done by different developers. We were able to report them, and the developers were able to fix them. The product identifies the issues and has an informative dashboard that gives us strains of incremental issues and resolutions. It also keeps track of whether the reported issues were fixed and what the resolution was. Sometimes, we find duplicate issues. Those were very well managed from the dashboard. Our primary requirement was for compliance, and it was good. The reports were significant and looked very professional.

Read full review

Sasmit Patil

Lead Information Security at GEP Worldwide at ReBIT

The use case is basically the code-scanning activity we perform. It helps us identify security vulnerabilities in the development phase. It aids in mitigating security risks in the initial phase of software development, so the potential risks become minimal. Those are the main use cases for this…

Read full review

Coverity mindshare

As of November 2024, the mindshare of Coverity in the Static Application Security Testing (SAST) category stands at 8.4%, up from 7.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Key learnings from peers

Last updated Nov 5, 2024

Valuable Features

Coverity's most valuable features include its low false positive rate, fast scanning, and integration with CI/CD tools like Jenkins and GitLab. Users appreciate its ability to identify vulnerabilities, provide detailed reports, and offer code analysis and remediation guidance. Its user-friendly interface and customizable options enhance developer workflows. Coverity supports early-stage analysis, has excellent compatibility with IDEs, and offers deployment flexibility with Docker and Kubernetes, making it ideal for comprehensive security and code quality improvement.

"The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis."
"It help us identify the latest security vulnerabilities."
"What I find most effective about Coverity is its low rate of false positives. I've seen other platforms with many false positives, but with Coverity, most vulnerabilities it identifies are genuine. This allows me to focus on real issues."

Room for Improvement

Coverity users identified several areas for improvement including the need for a robust and customizable reporting engine, and the integration with popular IDEs. Enhancements in the user interface, ease of use, and expanded language support are also suggested. Many users indicated a desire for more accurate detection and reduction in false positives. Price concerns were noted, and improved compatibility with tools like SonarQube was emphasized. There was also feedback on the need for better SCM integration and faster updates to align with evolving standards.

"Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks."
"Zero-day vulnerability identification can be an add-on feature that Coverity can provide."
"The solution needs to improve its false positives."

ROI

Coverity increases staff productivity, improves work efficiency by approximately 20%, and identifies defects early in the development process, reducing costs. Organizations value the IDE plugin that detects critical defects during code writing. Some have derived value over ten years by continuously assessing their tech stack, retaining Coverity unless a superior option presents more value. Although one organization claims no return on investment, many benefit from early detection of security risks and making secure products.

Pricing

Enterprises find Coverity's pricing expensive, with costs typically based on user count rather than lines of code, making it suitable for smaller development teams. Licensing is generally annual but customizable based on organizational needs. Users report mixed experiences, noting the expense compared to alternatives like SonarQube. Though some appreciate the quality and flexibility, affordability remains a concern, with some rating affordability low. Enterprises often negotiate terms, especially for larger license volumes. Pricing insights vary, reflecting diverse enterprise experiences.

"The solution's pricing is comparable to other products."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."

Popular Use Cases

Coverity is used for static code analysis, enhancing code quality, and identifying vulnerabilities. Companies use it during software integration, for auditing, and in DevOps processes. It supports multiple programming languages, operates on-premises, and integrates with CI/CD pipelines to catch quality and security issues early. Organizations find it effective in scanning diverse applications, preparing software for standards compliance, and ensuring robust results by detecting bugs, memory leaks, and synchronization issues.

Service and Support

Coverity's customer service is generally efficient and responsive, with various levels of support available. Some users find the technical support team knowledgeable and quick to respond. Others mention dissatisfaction with delays and communication. There is a range of experiences based on the support package chosen, with some issues resolved efficiently while others require more assistance. For urgent matters, priority support is available, although some report inconsistency in expertise among support staff.

Deployment

Coverity's initial setup experiences are mixed. Some users find it straightforward with clear instructions, while others encounter complexities, especially during integration with CI/CD pipelines. Deployment times vary from minutes to several weeks, indicating varying levels of difficulty based on the environment. Users appreciate the documentation quality but highlight a learning curve. Some installations required professional support and significant time, particularly when dealing with missing API features or complex configurations.

Scalability

Many users find Coverity to be scalable, handling medium to large volumes effectively. Some large organizations successfully utilize it across numerous users and projects. Scalability ratings often range from seven to nine out of ten. However, challenges like performance at scale and financial constraints can arise. Larger hardware resources are necessary for enhanced scalability in on-premise deployments, while cloud-based scaling appears more seamless. Certain companies note that future user expansion may be limited by cost considerations.

Stability

Coverity has a reputation for stability, with no significant bugs, crashes, or freezes mentioned. Users report it as reliable for both small and large projects, although some encounter minor lags during cloud environment setups. While some updates are necessary to maintain optimal conditions, most users rate Coverity between eight to ten out of ten. It is generally considered robust, having been in the industry for over 30 years, though newer versions occasionally bring minor compatibility issues.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Coverity Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Manufacturing Company

32%

Computer Software Company

15%

Financial Services Firm

Government

Healthcare Company

Energy/Utilities Company

University

Educational Organization

Aerospace/Defense Firm

Wholesaler/Distributor

Retailer

Media Company

Construction Company

Transportation Company

Engineering Company

Comms Service Provider

Real Estate/Law Firm

Non Profit

Outsourcing Company

Insurance Company

Legal Firm

Hospitality Company

Consumer Goods Company

Recreational Facilities/Services Company

Logistics Company

Pharma/Biotech Company

Performing Arts

Compare Coverity with alternative products

Learn more about Coverity

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.

Coverity was previously known as Synopsys Static Analysis.