Senior Manager at MediaTek
Real User
Top 20
A good and stable solution that has significant software security feature for detecting potential risks
Pros and Cons
  • "The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
  • "We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now. Some checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."

What is our primary use case?

We have to prepare our software solution for our customers. So in our environment, my cycle. We have a seven hour phase and requirement for design, implement testing, and before testing, we used this tool to clean up our potential feedback as our use case.



How has it helped my organization?

This product improves functionality and efficiency.

We cannot find any issues in the early stages.


What is most valuable?

The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data.



What needs improvement?

We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now. Some checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues.

Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues.


Buyer's Guide
Coverity
February 2025
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
832,138 professionals have used our research since 2012.

For how long have I used the solution?

We've been using this solution for over 10 years. 

What do I think about the stability of the solution?

The solution is stable.

I rate it eight out of ten.


What do I think about the scalability of the solution?

It is a scalable solution. Several thousand users are using the solution, precisely five thousand software engineers. We plan to increase the usage in future because our software engineer, we are to in their software coding or deployments in our engineering team. We try to integrate this tool into some other tool.


How are customer service and support?

The technical support is reasonable. 

I rate them seven out of ten.


How would you rate customer service and support?

Neutral

How was the initial setup?

I was not involved in the deployment process. Ten partner lines are required for the setting up and launch of the tool.


What was our ROI?

I have seen a Return on Investment.


What other advice do I have?

I rate the solution eight out of ten.


Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Mirza Prangon - PeerSpot reviewer
Solutions Architect at Hitachi High-Tech America
Real User
Stable and scalable, but screens cannot be added to branches easily
Pros and Cons
  • "The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
  • "We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."

What is our primary use case?

We use Coverity to help with code security and code vulnerability.

What is most valuable?

The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code.

What needs improvement?

We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system.

In the next release, I would like to have the ability to easily add screens to branches myself as a developer.

For how long have I used the solution?

I've been using this solution for about five years.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

It's scalable, and approximately 200 developers use Coverity in my organization. We have 10 administrators at present.

How are customer service and support?

Technical support is good, but they do not have a user ticketing system. Therefore, we have to go through an administrator to get support. For the support itself, I would give a rating of eight out of ten.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

The pricing is on the expensive side, and we are paying for a couple of items.

What other advice do I have?

My advice would be to look at other solutions and evaluate on-premises or SaaS options.

Overall, I would rate Coverity at six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer2599524 - PeerSpot reviewer
Software Engineer at a manufacturing company with 10,001+ employees
Real User
Top 5
Easy to use and integrates smoothly with CI but requires additional steps for server uploads
Pros and Cons
  • "Coverity is easy to use and easy to integrate with CI."
  • "There is an extra step in my organization that involves uploading to servers, which adds overhead."

What is our primary use case?

I use Coverity for static code analysis, covering different kinds of malware issues that can arise and ensuring robustness in terms of security.

What is most valuable?

Coverity is easy to use and easy to integrate with CI. However, in my organization, there is an additional step that involves uploading to servers, which creates an overhead. 

Apart from this, tools like Check Point and Trivy were very easy to get started with. Overall, the solution offers good scalability and is straightforward to deploy.

What needs improvement?

There is an extra step in my organization that involves uploading to servers, which adds overhead. Understanding the reporting in the beginning was challenging, especially when figuring out which mode to run on and the different arguments to use.

For how long have I used the solution?

I have been using Coverity for a few months.

What do I think about the stability of the solution?

I have not faced any challenges with the stability of Coverity.

What do I think about the scalability of the solution?

Both tools have very good scalability. Understanding the flow and pipeline helps in scaling effectively, and it is highly scalable.

How are customer service and support?

I have not contacted the support team yet.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

I do not know about the pricing.

What other advice do I have?

The overall rating I give to Coverity is seven out of ten. The additional step that needs to be taken is a factor in my rating.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Senior Engineer at a computer software company with 5,001-10,000 employees
Real User
Top 10
Identify any flow issues in the code but lacks in some features
Pros and Cons
  • "It's very stable."
  • "Some features are not performing well, like duplicate detection and switch case situations."

What is our primary use case?

We use Coverity to scan our code and identify any flow issues in the code that need to be fixed.

What is most valuable?

Coverity is the most popular product for scanning the code. It's much better than other products like Klocwork, PC-lint, and other similar products. It's a better scanning product than others.

What needs improvement?

The sales strategy needs to improve. First of all, Coverity will give you a low price; then, one year later, they will raise the price. So it becomes expensive later.

Moreover, Coverity is not doing good in terms of some specific features. For example, in the for loop, they can only check the point of the plus statement and cannot handle the sub-encryption. It can only handle the increase and not the decreased logic. So they will miss critical issues in some conditions.

In future releases, the price and policy could be improved, and also the script for the loop.

For how long have I used the solution?

I have been using Coverity for one year and a half. We don't use the latest version, just a version from about half a year before.

There's not much difference between that and the latest version, just minor changes. 

What do I think about the stability of the solution?

It's very stable. I would rate it a nine. The stability of Coverity was very good. 

What do I think about the scalability of the solution?

I would rate scalability a seven out of ten. 

However, we stopped using Coverity due to pricing issues. I don't have the exact number, but only a few in my department used it for security tasks. They were common employees and engineers.

How are customer service and support?

In the beginning, customer service and support were very helpful, but now I would say their helpfulness is maybe a six out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup is easy. It just takes a couple of minutes. I could do it myself. Coverity gave me a document with instructions, and the installation was successful. There is a guide for installation.

Moreover, the maintenance of Coverity doesn't require many people. It was done by maybe one or two engineers.

What's my experience with pricing, setup cost, and licensing?

We use the yearly-based license. I would rate the pricing a three out of ten, where one is very expensive, and ten is not expensive at all.

What other advice do I have?

Overall, I would rate Coverity a seven out of ten. I can rate it higher because there are a few areas of improvement in Coverity. The first problem is the pricing. The second one is some features not performing well, like duplicate detection and switch case situations.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Software Developer at KPIT Technologies
Real User
Top 20
A tool to fix bug issues and detect errors with code analysis
Pros and Cons
  • "The interface of Coverity is quite good, and it is also easy to use."
  • "Coverity takes a lot of time to dereference null pointers."

What is our primary use case?

I use Coverity in my company mainly to fix bug issues and detect errors with code analysis.

How has it helped my organization?

The ability of Coverity to fix bug issues is important to me. Coverity actually helps to debug and deal really fast when it comes to code analysis. Coverity does have a higher detection rate. It is easy to integrate Coverity into the CI/CD pipeline. Coverity is helpful in marking false positives. Though Coverity has some pros and cons, its pros make it a quite good tool.

What is most valuable?

The scanning ability of Coverity is good since it helps fix bug issues. The interface of Coverity is quite good, and it is also easy to use.

What needs improvement?

Coverity takes a lot of time to dereference null pointers. The product's price is one of its shortcomings, where improvements are required. In general, the price of the product should be kept low.

In the future, Coverity should provide more flexibility.

For how long have I used the solution?

I have been using Coverity for a year. I use the solution's latest version. I am a customer of the tool.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a seven out of ten.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution an eight out of ten. I rate the coverage of the product a six out of ten.

Currently, five people in my company use Coverity. My company plans to increase the use of the tool for twenty people.

How are customer service and support?

The solution's technical support is good. I rate the technical support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have experience with SonarQube. I switched to Coverity from SonarQube since the former mainly focuses on scanning and detection of bugs, while the latter focuses on the security of the code. If you want only to fix bugs, then the focus of the product should also be quite good, like Coverity. SonarQube's focus area is different from Coverity.

How was the initial setup?

I rate the initial setup of Coverity an eight on a scale of one to ten, where one is difficult, and ten is easy.

The setup phase of Coverity can sometimes be straightforward, and if there are some issues, it can be a little bit complex. When involved in some tracking activity, sometimes, Coverity uses looping logic, making it quite difficult to handle bugs. Sometimes, the tracking activity in Coverity will be straightforward with a very good interface. Marking the positive rates and giving some green and red bars can be helpful in Coverity.

The solution is deployed on an on-premises model.

The solution can be deployed in a day.

My company uses the git repository for the implementation of Coverity.

Five people are required to deploy the solution. Around thirty people might be required to take care of the maintenance process of the product since there will be an increase in the team members in our company.

What was our ROI?

I haven't seen any return on investment from the use of Coverity.

What's my experience with pricing, setup cost, and licensing?

Coverity's cost is quite high. Coverity costs for a year are too high. I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive. There are no additional costs apart from the licensing costs attached to the product.

Which other solutions did I evaluate?

Though my company had other options apart from Coverity, we chose to continue with Coverity as we were already using it for some projects in our organization.

What other advice do I have?

Coverity is quite a good tool that helps fix big issues and deal with code analysis. Coverity's scanning features and scalability are also quite good. The only drawback of the product stems from the fact that it is quite an expensive product. The product's cost can seem too high for a normal user. If your organization is quite good and okay with exploring the tool with its current costs, then you can opt for Coverity. Otherwise, you can use other solutions, like the free community edition from SonarQube.

I rate the overall solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Archana Verma - PeerSpot reviewer
Security Analyst at Dover Corporation
Real User
Provides software security and helps find potential security bugs or defects
Pros and Cons
  • "Provides software security, and helps to find potential security bugs or defects."
  • "The product lacks sufficient customization options."

What is our primary use case?

We use this tool for call scans in order to improve call quality. We implement testing and this tool cleans up our potential feedback. We are a semiconductor company and provide software solutions to our clients. I'm a senior manager. 

How has it helped my organization?

Coverity has improved our functionality and efficiency.

What is most valuable?

This product provides software security, and helps to find potential security bugs or defects with its checker feature. The solution also enables us to implement secure coding. 

What needs improvement?

We've found that there is a quite high false positive rate. It's a problem because we end up wasting time on something that's not an issue. The tracker reports too many issues that are not relevant. I'd like to see some kind of customization mechanism in the future. 

For how long have I used the solution?

We've been using this solution for over 10 years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable, we have several thousand users. 

How are customer service and support?

The technical support is reasonable. 

How would you rate customer service and support?

Neutral

What other advice do I have?

I rate this solution eight out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Iswarya R - PeerSpot reviewer
Assistant Manager at Tata Communications Ltd
Real User
On-prem dynamic static analysis solution that is easy to use and is reasonably priced
Pros and Cons
  • "This solution is easy to use."
  • "The level of vulnerability that this solution covers could be improved compared to other open source tools."

What is our primary use case?

We have been working on a POC for this solution. It is an on-prem solution and we have 50 internal users. 

What is most valuable?

This solution is easy to use. 

What needs improvement?

The level of vulnerability that this solution covers could be improved compared to other open source tools. The UI could also be improved. We also cannot directly report the vulnerability. We need to add filters to projects and only then can we download reports. 

For how long have I used the solution?

I have been using this solution for three months. 

What do I think about the stability of the solution?

This is a stable solution. 

What's my experience with pricing, setup cost, and licensing?

The pricing is very reasonable compared to other platforms. It is based on a three year license. 

What other advice do I have?

I would rate this solution a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Estefania Ramirez - PeerSpot reviewer
Application Security Auditor at Softtek
Real User
Great app analysis, support, and pricing
Pros and Cons
  • "The app analysis is the most valuable feature as I know other solutions don't have that."
  • "The solution could use more rules."

What is our primary use case?

We use the product only as a solution for defect code, to find more build liabilities in the code.

How has it helped my organization?

The product allows us to find vulnerabilities while testing our apps. 

What is most valuable?

The app analysis is the most valuable feature as I know other solutions don't have that.

It's a good tool. The interface, support, pricing, and integration do not have any limitations.

What needs improvement?

The solution could use more rules. For example, if I have a lot of rules in many languages, it helps my company as having access to more rules works for us.

We'd like a bit more integration.

For how long have I used the solution?

I've been using the solution for maybe three months. 

What do I think about the stability of the solution?

The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance has been good overall. 

What do I think about the scalability of the solution?

We find the solution to be scalable. 

I'm not sure exactly how many people are using the product.

I can't say if we have plans to increase usage or not in the future. 

How are customer service and support?

We haven't had any issues with technical support. They are helpful and responsive. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We also use SonarQube.

In the past, I used Checkmarx and Fortify, and Coverity had the better price.

How was the initial setup?

I have access only to the interface part and I didn't do the configuration of the tool. I do not handle the initial setup of the product.

As I recall, the deployment itself only took days. 

What about the implementation team?

Our company managed the setup in-house without the help of outside vendors. 

What's my experience with pricing, setup cost, and licensing?

We find the pricing to be reasonable.

What other advice do I have?

We're a customer and end-user.

We are using a recent version of the solution. 

I'd like potential new users to be aware that it's a good tool to implement basic code.

I'd rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user