Try our new research platform with insights from 80,000+ expert users

Coverity vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 30, 2024
 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST)
4th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
42
Ranking in other categories
No ranking in other categories
SonarQube Server (formerly ...
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
113
Ranking in other categories
Application Security Tools (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of December 2024, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 8.5%, up from 7.2% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 28.7%, up from 28.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Offers impressive reporting features with user-friendliness and high scalability
The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"The solution effectively identifies bugs in code."
"The reporting feature is up to the mark."
"It is a scalable solution."
"It help us identify the latest security vulnerabilities."
"The product is easy to use."
"It's very stable."
"The solution's user interface is very user-friendly."
"Engineers have also learned from the results and have improved themselves as engineers. This will help them with their careers."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
"I like that it's easy to navigate not just in terms of code findings but you can actually see them in the context of your source code because it gives you a copy of your code with the items that it found and highlights them. You can see it directly in your code, so you can easily go back and make the corrections in the code. It basically finds the problems for you and tells you where they are."
"It is a very good tool for analysis and security vulnerability checking."
"The most valuable features are code scanning and Quality Gates."
"It is an easy tool that you can deploy and configure. After that you can measure the history of your obligation and integrate it with other tools like GitLab or GitHub or Azure DevOps to do quality code analysis."
"The solution has a plug-in that supports both C and C++ languages."
 

Cons

"We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there."
"Some features are not performing well, like duplicate detection and switch case situations."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"The setup takes very long."
"I had tried integrating the tool with Azure DevOps, but the report I got stated that my team faced many challenges."
"The BPM language is important and should be considered in SonarQube."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
"The product provides false reports sometimes."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"Their dashboarding is very limited. They can improve their dashboards for multiple areas, such as security review, maintainability, etc. They have all this information, so they should publish all this information on the dashboard so that the users can view the summary and then analyze it further. This is something that I would like to see in the next version."
"The product needs to integrate other security tools for security scanning."
"Code security scanning could be improved."
 

Pricing and Cost Advice

"The solution's pricing is comparable to other products."
"I would rate the pricing a six out of ten, where one is low, and ten is high price."
"I would rate the tool's pricing a one out of ten."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"Coverity is quite expensive."
"The tool was fairly priced."
"It is expensive."
"The pricing is very reasonable compared to other platforms. It is based on a three year license."
"We are using the free, unlicensed version."
"We're using their free Community Edition version."
"We have a license with 125,000 lines of code. We did not purchase a lot of lines but it is specific to our code environment."
"We did not purchase a license (required for C++ support), but this option was considered."
"SonarQube is an open-source product that can be used free of charge."
"The costs for this application, for the kind of job it does, are pretty decent."
"Some of the plugins that were previously free are not free now."
"A low cost long-term solution for non-critical situations."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
824,106 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
15%
Financial Services Firm
8%
Government
4%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
 

Also Known As

Synopsys Static Analysis
Sonar
 

Learn More

 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Information Not Available
Find out what your peers are saying about Coverity vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: December 2024.
824,106 professionals have used our research since 2012.