Try our new research platform with insights from 80,000+ expert users

Coverity vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST)
5th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
SonarQube Server (formerly ...
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
116
Ranking in other categories
Application Security Tools (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of July 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 7.2%, up from 6.7% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 22.7%, down from 27.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…
Sthembiso Zondi - PeerSpot reviewer
Consistent improvements in code quality and security with effective integration and reliable technical support
The features of SonarQube Server (formerly SonarQube) that I find most useful are the suggestions received from reviewing the code. When they review the code, they provide suggestions on how to fix it, and we find those very useful from a development perspective. We use SonarQube Server's (formerly SonarQube) centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve. We use that for organizational improvement purposes. The ability to tailor metrics tracking in SonarQube Server (formerly SonarQube) has been beneficial to my team. There are team-specific dashboards which are related to specific repositories they utilize, and we have that aggregative dashboard that shows the whole organization's performance. We can drill down per specific repository, which makes it easier for the team to improve specific things.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the integration with Jenkins."
"Coverity provides excellent compliance and other features, which is a very good part."
"The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations"
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"It is a scalable solution."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"I like the by-default policies that are they, as they seem to cover most of what I need."
"It is a very good tool for analysis despite its limitations."
"I like that it helps us maintain our work quality and code security."
"It helps our developers work more efficiently as we can identify things in a code prior to it being pushed to where it needs to go."
"The solution's user interface is very user-friendly."
"If code coverage is a low number then that's of great value to me."
 

Cons

"I had tried integrating the tool with Azure DevOps, but the report I got stated that my team faced many challenges."
"Some features are not performing well, like duplicate detection and switch case situations."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"SCM integration is very poor in Coverity."
"The price is a concern, and there are a lot of false positives coming through."
"The solution could use more rules."
"Technical support and the price could be better."
"We found a solution with dynamic testing, and are looking to find a solution that can be used for both types of testing."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"I see a problem with SonarQube Server (formerly SonarQube) because the vulnerability assessment is continuous; if I fix some vulnerabilities today, they reappear in the next scan, and there will be completely different issues that need to be fixed."
"I have found this solution creates more noise than competitors."
"The interface could be a little better and should be enhanced."
 

Pricing and Cost Advice

"Coverity is very expensive."
"It is expensive."
"The price is competitive with other solutions."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"The pricing is on the expensive side, and we are paying for a couple of items."
"The solution's pricing is comparable to other products."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
"I would rate the tool's pricing a one out of ten."
"This solution is free."
"We use the solution free of cost."
"We are using the free, unlicensed version."
"A low cost long-term solution for non-critical situations."
"We did not purchase a license (required for C++ support), but this option was considered."
"We have a license with 125,000 lines of code. We did not purchase a lot of lines but it is specific to our code environment."
"We are using the open-source community version, but there are enterprise licenses available."
"The licence is standard open source licensing"
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
863,679 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
6%
Government
4%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
 

Also Known As

Synopsys Static Analysis
Sonar
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Information Not Available
Find out what your peers are saying about Coverity vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: July 2025.
863,679 professionals have used our research since 2012.