
Coverity pros and cons

Vendor: Black Duck
3.9 out of 5

Pros & Cons summary


Prominent pros & cons

PROS

Coverity improves code quality by identifying real issues with a low rate of false positives.
It includes security features like interprocedural analysis and software security checkers that enhance code safety.
Integration with Jenkins and an ability to work with issue-tracking systems like Jira enhances its utility in varied development environments.
It is noted for its stability and scalability, ensuring reliable performance and adaptability to different company sizes and projects.
Coverity improves staff productivity by approximately 20 percent, demonstrating substantial efficiency gains.

CONS

Coverity's reporting engine needs to be more robust, and its usability could be improved.
The setup takes a long time, and users want integration with IDEs like Eclipse.
Coverity's price is considered high and could be improved.
It faces challenges in automating tasks, such as looking behind submodules in code bases.
Coverity has a higher false-positive rate with some checkers, leading to wasted time on non-issues.
 

Coverity Pros review quotes

VV
Apr 26, 2024
Coverity integrates with issue-tracking systems like Jira and provides email notifications, alerts, and other features.
reviewer1428837 - PeerSpot reviewer
Sep 30, 2020
The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at.
VV
Oct 12, 2021
One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited.
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
BL
Apr 3, 2024
In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis.
Md. Shahriar Hussain - PeerSpot reviewer
May 3, 2024
The reporting feature is up to the mark.
AP
Nov 9, 2023
The interface of Coverity is quite good, and it is also easy to use.
NS
Apr 2, 2020
Coverity is quite stable and we haven’t had any issues or any downtime.
Yantao Zhao - PeerSpot reviewer
Sep 4, 2019
The feature I find most valuable is that our entire company can publish the analysis results into our central space.
reviewer2218830 - PeerSpot reviewer
Jun 23, 2023
Coverity gives advisory and deviation features, which are some of the parts I liked.
Arun Dahiphale - PeerSpot reviewer
Feb 20, 2024
The solution has improved our code quality and security very well.
 

Coverity Cons review quotes

VV
Apr 26, 2024
Coverity concerns its dashboards and reporting.
reviewer1428837 - PeerSpot reviewer
Sep 30, 2020
It should be easier to specify your own validation routines and sanitation routines.
VV
Oct 12, 2021
Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker.
BL
Apr 3, 2024
We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there.
Md. Shahriar Hussain - PeerSpot reviewer
May 3, 2024
The reporting tool integration process is sometimes slow.
AP
Nov 9, 2023
Coverity takes a lot of time to dereference null pointers.
NS
Apr 2, 2020
I would like to see integration with popular IDEs, such as Eclipse.
Yantao Zhao - PeerSpot reviewer
Sep 4, 2019
The setup takes very long.
reviewer2218830 - PeerSpot reviewer
Jun 23, 2023
SCM integration is very poor in Coverity.
Arun Dahiphale - PeerSpot reviewer
Feb 20, 2024
It would be great if we could customize the rules to focus on critical issues.