Try our new research platform with insights from 80,000+ expert users
Coverity Logo

Coverity pros and cons

Vendor: Black Duck
3.9 out of 5
352 followers
Post review

Pros & Cons summary

Coverity aids in enhancing code quality and security by integrating seamlessly with CI systems and offering valuable security analysis features, including interprocedural analysis. It helps boost productivity by 20%. However, it requires a more robust reporting engine, quicker setup, and better integration with IDEs like Eclipse. Despite its strengths, concerns remain about cost and a high rate of false positives, affecting efficiency. Price considerations may impact purchasing decisions for some users.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Coverity significantly reduces false positives, allowing a focus on genuine vulnerabilities.
It integrates well with Jenkins and other CI tools, enhancing productivity and security.
Coverity offers robust security features, including interprocedural analysis and vulnerability identification.
It provides detailed reports that help in categorizing and addressing vulnerabilities based on severity.
Coverity improves code quality by enabling real-time analysis and reducing the need for manual code reviews.

CONS

Coverity's reporting engine needs to be more robust, and its reporting tool integration process can be slow.
Integration with popular IDEs, like Eclipse, and support for additional IDEs would improve usability.
The price of Coverity is an issue and can be improved.
Coverity has a high false positive rate in checkers, causing wasted time on non-issues.
Implementation cycle is slow, especially concerning changes related to event handling and memory leaks.
 

Coverity Pros review quotes

VV
Apr 26, 2024
Coverity integrates with issue-tracking systems like Jira and provides email notifications, alerts, and other features.
Read full review
reviewer1428837 - PeerSpot reviewer
Sep 30, 2020
The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at.
Read full review
VV
Oct 12, 2021
One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited.
Read full review
Buyer's Guide
Coverity
December 2024
Free Report: Coverity Reviews and More
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
DOWNLOAD NOW
824,067 professionals have used our research since 2012.
BL
Apr 3, 2024
In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis.
Read full review
Md. Shahriar Hussain - PeerSpot reviewer
May 3, 2024
The reporting feature is up to the mark.
Read full review
AP
Nov 9, 2023
The interface of Coverity is quite good, and it is also easy to use.
Read full review
NS
Apr 2, 2020
Coverity is quite stable and we haven’t had any issues or any downtime.
Read full review
Yantao Zhao - PeerSpot reviewer
Sep 4, 2019
The features I find most valuable is that our entire company can publish the analysis results into our central space.
Read full review
reviewer2218830 - PeerSpot reviewer
Jun 23, 2023
Coverity gives advisory and deviation features, which are some of the parts I liked.
Read full review
Arun Dahiphale - PeerSpot reviewer
Feb 20, 2024
The solution has improved our code quality and security very well.
Read full review
Show 10 more reviews (out of 40)
 

Coverity Cons review quotes

VV
Apr 26, 2024
Coverity concerns its dashboards and reporting.
Read full review
reviewer1428837 - PeerSpot reviewer
Sep 30, 2020
It should be easier to specify your own validation routines and sanitation routines.
Read full review
VV
Oct 12, 2021
Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker.
Read full review
Buyer's Guide
Coverity
December 2024
Free Report: Coverity Reviews and More
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
DOWNLOAD NOW
824,067 professionals have used our research since 2012.
BL
Apr 3, 2024
We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there.
Read full review
Md. Shahriar Hussain - PeerSpot reviewer
May 3, 2024
The reporting tool integration process is sometimes slow.
Read full review
AP
Nov 9, 2023
Coverity takes a lot of time to dereference null pointers.
Read full review
NS
Apr 2, 2020
I would like to see integration with popular IDEs, such as Eclipse.
Read full review
Yantao Zhao - PeerSpot reviewer
Sep 4, 2019
The setup takes very long.
Read full review
reviewer2218830 - PeerSpot reviewer
Jun 23, 2023
SCM integration is very poor in Coverity.
Read full review
Arun Dahiphale - PeerSpot reviewer
Feb 20, 2024
It would be great if we could customize the rules to focus on critical issues.
Read full review
Show 10 more reviews (out of 40)

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Coverity Logo
SonarQube Server (formerly SonarQube) vs Coverity
Veracode vs Coverity Logo
Veracode vs Coverity
GitLab vs Coverity Logo
GitLab vs Coverity
Checkmarx One vs Coverity Logo
Checkmarx One vs Coverity
OWASP Zap vs Coverity Logo
OWASP Zap vs Coverity
SonarQube Cloud (formerly SonarCloud) vs Coverity Logo
SonarQube Cloud (formerly SonarCloud) vs Coverity
Fortify on Demand vs Coverity Logo
Fortify on Demand vs Coverity
Acunetix vs Coverity Logo
Acunetix vs Coverity
PortSwigger Burp Suite Professional vs Coverity Logo
PortSwigger Burp Suite Professional vs Coverity
HCL AppScan vs Coverity Logo
HCL AppScan vs Coverity
Qualys Web Application Scanning vs Coverity Logo
Qualys Web Application Scanning vs Coverity
Klocwork vs Coverity Logo
Klocwork vs Coverity
Invicti vs Coverity Logo
Invicti vs Coverity
Parasoft SOAtest vs Coverity Logo
Parasoft SOAtest vs Coverity
Kiuwan vs Coverity Logo
Kiuwan vs Coverity
See all alternatives

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Coverity Logo
SonarQube Server (formerly SonarQube) vs Coverity
Veracode vs Coverity Logo
Veracode vs Coverity
GitLab vs Coverity Logo
GitLab vs Coverity
Checkmarx One vs Coverity Logo
Checkmarx One vs Coverity
OWASP Zap vs Coverity Logo
OWASP Zap vs Coverity
SonarQube Cloud (formerly SonarCloud) vs Coverity Logo
SonarQube Cloud (formerly SonarCloud) vs Coverity
Fortify on Demand vs Coverity Logo
Fortify on Demand vs Coverity
Acunetix vs Coverity Logo
Acunetix vs Coverity
PortSwigger Burp Suite Professional vs Coverity Logo
PortSwigger Burp Suite Professional vs Coverity
HCL AppScan vs Coverity Logo
HCL AppScan vs Coverity
Qualys Web Application Scanning vs Coverity Logo
Qualys Web Application Scanning vs Coverity
Klocwork vs Coverity Logo
Klocwork vs Coverity
Invicti vs Coverity Logo
Invicti vs Coverity
Parasoft SOAtest vs Coverity Logo
Parasoft SOAtest vs Coverity
Kiuwan vs Coverity Logo
Kiuwan vs Coverity
See all alternatives
Related questions
  • 86
What is the difference between Coverity and SonarQube?
  • 57
What is the biggest difference between Coverity and SonarQube?
  • 1,680
How would you decide between Coverity and Sonarqube?
  • 19
What Application Security Solution Do You Use That Is DevOps Friendly?
  • 100
Which is the most comprehensive open source Web Security Testing tool?
  • 250
What is the best Application Security Testing platform?
  • 6
When evaluating Application Security Testing, what aspect do you think is the most important to look for?
  • 114
SAST vs. DAST: Which is better for application security testing?
  • 136
What tools do you rely on for building a DevSecOps pipeline?
  • 35
What does the Log4j/Log4Shell vulnerability mean for your company?