Coverity Reviews

Name: Coverity
Brand: Black Duck
Rating: 3.9 (42 reviews)

3.9 out of 5

42 reviews
88% willing to recommend

352 followers

What is Coverity?

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Get the Coverity Buyer's Guide and find out what your peers are saying about Coverity, SonarQube Server (formerly SonarQube), Veracode and more!

Coverity is the #4 ranked solution in AST tools. PeerSpot users give Coverity an average rating of 7.8 out of 10. Based on the analysis of the 42 most recent Coverity reviews, the overall sentiment is positive, with a sentiment score of 6.5. (Among the lowest in the category). Coverity is most commonly compared to SonarQube Server (formerly SonarQube): Coverity vs SonarQube Server (formerly SonarQube). Coverity is popular among the large enterprise segment, accounting for 77% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 32% of all views.

Helped 823,875 peers since 2012

Featured reviews

Md. Shahriar Hussain

Cyber Security Chartered Engineer at Banglalink

The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.

Read full review

Jaile Sebes

Senior Software Architect at Siemens Industry

We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…

Read full review

Arun Dahiphale

Technical Architect at Elastic Care Inc

The scan of the repository has been most effective in identifying critical vulnerabilities. The product provided visibility over security-related issues like hard coding and values getting exposed in a log. It helped us resolve difficult issues. With CI/CD integration, we could scan the incremental commits done by different developers. We were able to report them, and the developers were able to fix them. The product identifies the issues and has an informative dashboard that gives us strains of incremental issues and resolutions. It also keeps track of whether the reported issues were fixed and what the resolution was. Sometimes, we find duplicate issues. Those were very well managed from the dashboard. Our primary requirement was for compliance, and it was good. The reports were significant and looked very professional.

Read full review

Coverity mindshare

As of December 2024, the mindshare of Coverity in the Static Application Security Testing (SAST) category stands at 8.5%, up from 7.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

PeerAnalyst reports

Type	Title	Date
Category	Static Application Security Testing (SAST)	Dec 17, 2024	Download
Product	Reviews, tips, and advice from real users	Dec 17, 2024	Download
Comparison	Coverity vs SonarQube Server (formerly SonarQube)	Dec 17, 2024	Download
Comparison	Coverity vs Veracode	Dec 17, 2024	Download
Comparison	Coverity vs Checkmarx One	Dec 17, 2024	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	28.7%	81%	113 interviews Add to research
Veracode	4.1	10.1%	90%	196 interviews Add to research

Valuable Features

Coverity excels with a low false positive rate, fast scanning, and integration with CI/CD tools like Jenkins, GitLab. Users value the security analysis, code vulnerability detection, and customizable triage options. Its Inline context help, interprocedural analysis, and detailed reporting enhance usability. Integration capabilities with IDEs and issue-tracking systems, automatic report generation, and ease of use make it a popular choice for ensuring code quality improvement and security.

"Coverity is easy to use and easy to integrate with CI."
"Coverity is easy to use and easy to integrate with CI."
"The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis."

Room for Improvement

Coverity requires improvements in usability, reporting capabilities, integration with IDEs, and language support. Users highlight challenges with the interface, high false positives, and inadequate customization. The tool is not user-friendly compared to its competitors. There is a need for better integration with source control management and dynamic analysis features. Pricing is a significant concern, along with the need for enhanced graphical representations and more efficient handling of symbolic links and submodules in code repositories.

"There is an extra step in my organization that involves uploading to servers, which adds overhead."
"Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks."
"Zero-day vulnerability identification can be an add-on feature that Coverity can provide."

ROI

Organizations experienced a notable boost in staff productivity by about 20% with Coverity, deriving value over the years and witnessing a significant return on investment. Some value was seen through defect identification before code reached QA, allowing developers to address issues early and save money. The IDE plugin helped developers detect crucial defects as they wrote code, enhancing the development workflow. Early identification of security risks benefited client and end-user security.

Pricing

Coverity's pricing is often seen as expensive, primarily due to its licensing model based on user count rather than lines of code. Many organizations find it costly, especially for setups with numerous developers. The annual licensing is less favorable compared to newer tools which offer more competitive rates. Some users note the pricing is reasonable, while others find it less affordable, giving it varying ratings on a scale of affordability.

"The solution's pricing is comparable to other products."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."

Popular Use Cases

Organizations primarily use Coverity for static code analysis, improving code quality, security, and robustness. It aids in identifying vulnerabilities, defects, and potential issues like bugs and memory leaks in various programming languages, including C++, Java, and C#. Coverity is integrated during the software development and integration processes, often within CI/CD pipelines, to ensure compliance with standards and mitigate risks early, enhancing efficiency and reducing build liabilities.

Service and Support

Coverity's customer service and support are generally knowledgeable, efficient, and responsive, with some noting swift responses. However, others find room for improvement in technical support and communication. They offer various support levels through email, call, and video sessions, depending on issue complexity. SLA satisfaction varies, and some highlight the lack of a user ticketing system. While many find the support satisfactory, a few have experienced inconsistent expertise and delays in response times.

Deployment

Coverity's initial setup is generally straightforward, though it can vary by environment. Windows setups are simpler compared to Linux, which may involve complexities. Some users found the setup quick with detailed instructions, while others faced integration challenges with CI/CD tools and API features. Deployment times varied significantly, from a few minutes to weeks, depending on the complexity and number of integrations. Users appreciated the comprehensive documentation but noted areas for improvement in user interface and processes.

Scalability

Coverity exhibits good scalability, accommodating varying user counts with adaptable usage. While many rate its scalability highly, some mention hardware requirements for optimal performance. Organizations with diverse sizes successfully utilize Coverity, acknowledging potential financial constraints. There is consensus on its capability to handle substantial user numbers, though a few mention performance issues with large-scale applications. Many are planning to expand its use, recognizing its integration potential with other tools.

Stability

Coverity is highly stable, with numerous users rating it between eight and ten out of ten for stability. It is reliable, with no significant issues such as crashes, bugs, or glitches. Some users note occasional lag during initial setups or scans, particularly in cloud environments. Updates are recommended for optimal performance and seamless use. Overall, Coverity is robust and suitable for various needs, offering a secure and steady experience.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Coverity Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Manufacturing Company

32%

Computer Software Company

15%

Financial Services Firm

Government

Healthcare Company

Aerospace/Defense Firm

Educational Organization

Retailer

Energy/Utilities Company

University

Media Company

Construction Company

Wholesaler/Distributor

Comms Service Provider

Transportation Company

Real Estate/Law Firm

Non Profit

Engineering Company

Outsourcing Company

Insurance Company

Legal Firm

Consumer Goods Company

Hospitality Company

Recreational Facilities/Services Company

Logistics Company

Pharma/Biotech Company

Compare Coverity with alternative products

Learn more about Coverity

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.

Coverity was previously known as Synopsys Static Analysis.