Try our new research platform with insights from 80,000+ expert users

Coverity vs Synopsys Defensics comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
Static Application Security Testing (SAST) (5th)
Synopsys Defensics
Average Rating
8.6
Number of Reviews
4
Ranking in other categories
Fuzz Testing Tools (5th)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Coverity is designed for Static Application Security Testing (SAST) and holds a mindshare of 7.2%, up 6.7% compared to last year.
Synopsys Defensics, on the other hand, focuses on Fuzz Testing Tools, holds 22.1% mindshare, up 15.4% since last year.
Static Application Security Testing (SAST)
Fuzz Testing Tools
 

Featured Reviews

Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…
SK
Product security tests for switches and router sections
Codenomicon Defensics should be more advanced for the testing sector. It should be somewhat easy and flexible to install. What I see in the documentation isn't that. Even if something doesn't malfunction, sometimes it is hard to install and execute. The product needs video documentation. This would help a lot more.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The product has deeper scanning capabilities."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"The most valuable feature is the integration with Jenkins."
"The tool as it is can be used for code quality improvement."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The product is related to US usage with TLS contact fees, i.e. how more data center connections will help lower networking costs."
"Whatever the test suit they give, it is intelligent. It will understand the protocol and it will generate the test cases based on the protocol: protocol, message sequence, protocol, message structure... Because of that, we can eliminate a lot of unwanted test cases, so we can execute the tests and complete them very quickly."
"We have found multiple issues in our embedded system network protocols, related to buffer overflow. We have reduced some of these issues."
 

Cons

"Sometimes it's a bit hard to figure out how to use the product’s UI."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"The reporting tool integration process is sometimes slow."
"Coverity is not a user-friendly product."
"It would be great if we could customize the rules to focus on critical issues."
"The setup takes very long."
"Its price can be improved. Price is always an issue with Synopsys."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"Codenomicon Defensics should be more advanced for the testing sector. It should be somewhat easy and flexible to install."
"It does not support the complete protocol stack. There are some IoT protocols that are not supported and new protocols that are not supported."
"Sometimes, when we are testing embedded devices, when we trigger the test cases, the target will crash immediately. It is very difficult for us to identify the root cause of the crash because they do not provide sophisticated tools on the target side. They cover only the client-side application... They do not have diagnostic tools for the target side. Rather, they have them but they are very minimal and not very helpful."
 

Pricing and Cost Advice

"The pricing is on the expensive side, and we are paying for a couple of items."
"Offers varying prices for different companies"
"The licensing fees are based on the number of lines of code."
"Coverity is very expensive."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
"The price is competitive with other solutions."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"Licensing is a bit expensive."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
863,679 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
6%
Government
4%
Computer Software Company
20%
Manufacturing Company
15%
Financial Services Firm
8%
Media Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
Ask a question
Earn 20 points
 

Also Known As

Synopsys Static Analysis
Defensics, Codenomicon Defensics
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Coriant, CERT-FI, Next Generation Networks
Find out what your peers are saying about Sonar, Veracode, GitGuardian and others in Static Application Security Testing (SAST). Updated: July 2025.
863,679 professionals have used our research since 2012.