Coverity Reviews

We have been working on a POC for this solution. It is an on-prem solution and we have 50 internal users. 

This solution is easy to use. 

The level of vulnerability that this solution covers could be improved compared to other open source tools. The UI could also be improved. We also cannot directly report the vulnerability. We need to add filters to projects and only then can we download reports. 

I have been using this solution for three months. 

This is a stable solution. 

The pricing is very reasonable compared to other platforms. It is based on a three year license. 

I would rate this solution a seven out of ten. 

Our company has 500 developers and engineers who the solution for C/C++ core static analysis. One engineer handles all ongoing maintenance. 

The solution effectively identifies bugs in code. 

The solution is a bit complex to use in comparison to other products that have many plugins.

More features could be included for finding bugs and analyzing code. For example, more information could be included to explain errors such as memory leaks. 

I have been using the solution for one year. 

The solution is stable. 

The solution is scalable. 

Technical support is helpful and responsive. 

I rate support an eight out of ten. 

Positive

I have not used another solution. 

I would recommend the solution if it includes more features. 

I rate the solution an eight out of ten. 

We use Coverity to scan our code and identify any flow issues in the code that need to be fixed.

Coverity is the most popular product for scanning the code. It's much better than other products like Clockwork, PC Link, and other similar products. It's a better scanning product than others.

The sales strategy needs to improve. First of all, Coverity will give you a low price; then, one year later, they will raise the price. So it becomes expensive later.

Moreover, Coverity is not doing good in terms of some specific features. For example, in the for loop, they can only check the point of the plus statement and cannot handle the sub-encryption. It can only handle the increase and not the decreased logic. So they will miss critical issues in some conditions.

In future releases, the price and policy could be improved, and also the script for the loop.

I have been using Coverity for one year and a half. We don't use the latest version, just a version from about half a year before.

There's not much difference between that and the latest version, just minor changes. 

It's very stable. I would rate it a nine. The stability of Coverity was very good. 

I would rate scalability a seven out of ten. 

However, we stopped using Coverity due to pricing issues. I don't have the exact number, but only a few in my department used it for security tasks. They were common employees and engineers.

In the beginning,  customer service and support were very helpful, but now I would say their helpfulness is maybe a six out of ten.

Neutral

The initial setup is easy. It just takes a couple of minutes. I could do it myself. Coverity gave me a document with instructions, and the installation was successful. There is a guide for installation.

Moreover, the maintenance of Coverity doesn't require many people. It was done by maybe one or two engineers.

We use the yearly-based license. I would rate the pricing a three out of ten, where one is very expensive, and ten is not expensive at all.

Overall, I would rate Coverity a seven out of ten. I can rate it higher because there are a few areas of improvement in Coverity. The first problem is the pricing. The second one is some features not performing well, like duplicate detection and switch case situations.

We use the product only as a solution for defect code, to find more build liabilities in the code.

The product allows us to find vulnerabilities while testing our apps. 

The app analysis is the most valuable feature as I know other solutions don't have that.

It's a good tool. The interface, support, pricing, and integration do not have any limitations.

The solution could use more rules. For example, if I have a lot of rules in many languages, it helps my company as having access to more rules works for us.

We'd like a bit more integration.

I've been using the solution for maybe three months. 

The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance has been good overall. 

We find the solution to be scalable. 

I'm not sure exactly how many people are using the product.

I can't say if we have plans to increase usage or not in the future. 

We haven't had any issues with technical support. They are helpful and responsive. 

Positive

We also use SonarQube.

In the past, I used Checkmarx and Fortify, and Coverity had the better price.

I have access only to the interface part and I didn't do the configuration of the tool. I do not handle the initial setup of the product.

As I recall, the deployment itself only took days. 

Our company managed the setup in-house without the help of outside vendors. 

We find the pricing to be reasonable.

We're a customer and end-user.

We are using a recent version of the solution. 

I'd like potential new users to be aware that it's a good tool to implement basic code.

I'd rate the solution nine out of ten.

I use Coverity for static code analysis, covering different kinds of malware issues that can arise and ensuring robustness in terms of security.

Coverity is easy to use and easy to integrate with CI. However, in my organization, there is an additional step that involves uploading to servers, which creates an overhead. 

Apart from this, tools like Check Point and Trivy were very easy to get started with. Overall, the solution offers good scalability and is straightforward to deploy.

There is an extra step in my organization that involves uploading to servers, which adds overhead. Understanding the reporting in the beginning was challenging, especially when figuring out which mode to run on and the different arguments to use.

I have been using Coverity for a few months.

I have not faced any challenges with the stability of Coverity.

Both tools have very good scalability. Understanding the flow and pipeline helps in scaling effectively, and it is highly scalable.

I have not contacted the support team yet.

Neutral

The initial setup was straightforward.

I do not know about the pricing.

The overall rating I give to Coverity is seven out of ten. The additional step that needs to be taken is a factor in my rating.

I have not used the product for my projects in the company recently, but I know that some other teams use it for certain work.

Coverity is used as a static code analysis tool in my company.

Compared to the other tools in the market, Coverity is not a user-friendly product. Coverity fails to provide the same comfort as other solutions in the market, which provides better visibility of reports.

I have experience with Coverity. I am a customer of the tool.

I have not directly contacted the product's support team, but there is a group within the corporate circles that maintains the tool, and so they communicate with the tool's technical team. I believe that the support offered was satisfactory.

I don't use any other products which are similar to Coverity.

I was involved in the tool's deployment phase.

Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation. Reviewers may have to opt for a different license. For report generation, I used the product two to three ago for a project, and it was done mainly for benchmarking. The setting of the jobs or the configurations was pretty difficult compared to the other products in the market. Working with the product is a bit difficult in general.

I don't have accurate information about the prices associated with the product.

I am not the person in authority who makes decisions over whether the company should look at other options apart from Coverity. The higher management makes such decisions while I am just a part of the product development team.

In terms of the satisfaction derived from the use of the product in our company, I would say that there was another person in my company who benchmarked against Coverity with other products like SonarQube and some other LDRA solutions. Products are used considering that different projects would have different requirements.

I can't say whether the product has helped my company maintain compliance with coding standards since we are not currently using Coverity. Many projects have strict guidelines when it comes to the static code analysis part. In the future, the tool's ability to maintain compliance with coding standards can be useful.

My company has licenses to use the product.

I don't have vast experience with Coverity to be able to say whether I would recommend the product to others or not.

I did not use the tool's AI capabilities.

Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations. I rate the tool at eight to nine out of ten.

We use Coverity to help with code security and code vulnerability.

The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code.

We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system.

In the next release, I would like to have the ability to easily add screens to branches myself as a developer.

I've been using this solution for about five years.

It is a stable product.

It's scalable, and approximately 200 developers use Coverity in my organization. We have 10 administrators at present.

Technical support is good, but they do not have a user ticketing system. Therefore, we have to go through an to administrator to get support. For the support itself, I would give a rating of eight out of ten.

Positive

The pricing is on the expensive side, and we are paying for a couple of items.

My advice would be to look at other solutions and evaluate on-premises or SaaS options.

Overall, I would rate Coverity at six out of ten.

I use Coverity in my company mainly to fix bug issues and detect errors with code analysis.

The ability of Coverity to fix bug issues is important to me. Coverity actually helps to debug and deal really fast when it comes to code analysis. Coverity does have a higher detection rate. It is easy to integrate Coverity into the CI/CD pipeline. Coverity is helpful in marking false positives. Though Coverity has some pros and cons, its pros make it a quite good tool.

The scanning ability of Coverity is good since it helps fix bug issues. The interface of Coverity is quite good, and it is also easy to use.

Coverity takes a lot of time to dereference null pointers. The product's price is one of its shortcomings, where improvements are required. In general, the price of the product should be kept low.

In the future, Coverity should provide more flexibility.

I have been using Coverity for a year. I use the solution's latest version. I am a customer of the tool.

Stability-wise, I rate the solution a seven out of ten.

Scalability-wise, I rate the solution an eight out of ten. I rate the coverage of the product a six out of ten.

Currently, five people in my company use Coverity. My company plans to increase the use of the tool for twenty people.

The solution's technical support is good. I rate the technical support a nine out of ten.

Positive

I have experience with SonarQube. I switched to Coverity from SonarQube since the former mainly focuses on scanning and detection of bugs, while the latter focuses on the security of the code. If you want only to fix bugs, then the focus of the product should also be quite good, like Coverity. SonarQube's focus area is different from Coverity.

I rate the initial setup of Coverity an eight on a scale of one to ten, where one is difficult, and ten is easy.

The setup phase of Coverity can sometimes be straightforward, and if there are some issues, it can be a little bit complex. When involved in some tracking activity, sometimes, Coverity uses looping logic, making it quite difficult to handle bugs. Sometimes, the tracking activity in Coverity will be straightforward with a very good interface. Marking the positive rates and giving some green and red bars can be helpful in Coverity.

The solution is deployed on an on-premises model.

The solution can be deployed in a day.

My company uses the git repository for the implementation of Coverity.

Five people are required to deploy the solution. Around thirty people might be required to take care of the maintenance process of the product since there will be an increase in the team members in our company.

I haven't seen any return on investment from the use of Coverity.

Coverity's cost is quite high. Coverity costs for a year are too high. I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive. There are no additional costs apart from the licensing costs attached to the product.

Though my company had other options apart from Coverity, we chose to continue with Coverity as we were already using it for some projects in our organization.

Coverity is quite a good tool that helps fix big issues and deal with code analysis. Coverity's scanning features and scalability are also quite good. The only drawback of the product stems from the fact that it is quite an expensive product. The product's cost can seem too high for a normal user. If your organization is quite good and okay with exploring the tool with its current costs, then you can opt for Coverity. Otherwise, you can use other solutions, like the free community edition from SonarQube.

I rate the overall solution an eight out of ten.