On-prem dynamic static analysis solution that is easy to use and is reasonably priced
Pros and Cons
- "This solution is easy to use."
- "The level of vulnerability that this solution covers could be improved compared to other open source tools."
What is our primary use case?
We have been working on a POC for this solution. It is an on-prem solution and we have 50 internal users.
What is most valuable?
This solution is easy to use.
What needs improvement?
The level of vulnerability that this solution covers could be improved compared to other open source tools. The UI could also be improved. We also cannot directly report the vulnerability. We need to add filters to projects and only then can we download reports.
For how long have I used the solution?
I have been using this solution for three months.
Buyer's Guide
Coverity
November 2024
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
This is a stable solution.
What's my experience with pricing, setup cost, and licensing?
The pricing is very reasonable compared to other platforms. It is based on a three-year license.
What other advice do I have?
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Software Engineer at AMD
A stable and scalable solution for core static analysis
Pros and Cons
- "The solution effectively identifies bugs in code."
- "The solution is a bit complex to use in comparison to other products that have many plugins."
What is our primary use case?
Our company has 500 developers and engineers who use the solution for C/C++ core static analysis. One engineer handles all ongoing maintenance.
What is most valuable?
The solution effectively identifies bugs in code.
What needs improvement?
The solution is a bit complex to use in comparison to other products that have many plugins.
More features could be included for finding bugs and analyzing code. For example, more information could be included to explain errors such as memory leaks.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
Technical support is helpful and responsive.
I rate support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not used another solution.
What other advice do I have?
I would recommend the solution if it includes more features.
I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer:
Senior Engineer at a computer software company with 5,001-10,000 employees
Identify any flow issues in the code but lacks in some features
Pros and Cons
- "It's very stable."
- "Some features are not performing well, like duplicate detection and switch case situations."
What is our primary use case?
We use Coverity to scan our code and identify any flow issues in the code that need to be fixed.
What is most valuable?
Coverity is the most popular product for scanning the code. It's much better than other products like Clockwork, PC Link, and other similar products. It's a better scanning product than others.
What needs improvement?
The sales strategy needs to improve. First of all, Coverity will give you a low price; then, one year later, they will raise the price. So it becomes expensive later.
Moreover, Coverity is not doing well in terms of some specific features. For example, in the for loop, they can only check the point of the plus statement and cannot handle the sub-encryption. It can only handle the increase and not the decreased logic. So they will miss critical issues in some conditions.
In future releases, the price and policy could be improved, and also the script for the loop.
For how long have I used the solution?
I have been using Coverity for a year and a half. We don't use the latest version, just a version from about half a year before.
There's not much difference between that and the latest version, just minor changes.
What do I think about the stability of the solution?
It's very stable. I would rate it a nine. The stability of Coverity was very good.
What do I think about the scalability of the solution?
I would rate scalability a seven out of ten.
However, we stopped using Coverity due to pricing issues. I don't have the exact number, but only a few in my department used it for security tasks. They were common employees and engineers.
How are customer service and support?
In the beginning, customer service and support were very helpful, but now I would say their helpfulness is maybe a six out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup is easy. It just takes a couple of minutes. I could do it myself. Coverity gave me a document with instructions, and the installation was successful. There is a guide for installation.
Moreover, the maintenance of Coverity doesn't require many people. It was done by maybe one or two engineers.
What's my experience with pricing, setup cost, and licensing?
We use the yearly-based license. I would rate the pricing a three out of ten, where one is very expensive, and ten is not expensive at all.
What other advice do I have?
Overall, I would rate Coverity a seven out of ten. I can rate it higher because there are a few areas of improvement in Coverity. The first problem is the pricing. The second one is some features not performing well, like duplicate detection and switch case situations.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works
Performs static application security testing on various code bases, including Java, PHP, and HTML
Pros and Cons
- "The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
- "The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
What is our primary use case?
My primary use case is performing static application security testing on various code bases, including Java, PHP, and HTML. I use it to create review reports of assets and categorize the issues based on severity.
What is most valuable?
The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans.
What needs improvement?
The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming.
For how long have I used the solution?
I have been using Coverity for about two to three months, between June 2023 and August 2023.
What do I think about the stability of the solution?
There were occasional issues with lag during the initial setup and scans, especially in a cloud environment.
How are customer service and support?
Due to the subscription-based model, I had to contact customer service, mainly to add new users. Response times varied, sometimes taking more than a week.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I had experience with SonarQube as an alternative. Coverity excelled in code scanning because it did not require installation prerequisites. Its reports are also clear and informational. It provides us with a better idea of troubleshooting vulnerabilities.
How was the initial setup?
The initial setup was elaborate and somewhat complicated. The information from the Synopsys website was more than enough. First-time users will struggle with many tools, packages, and libraries. Deployment took 30 minutes to complete. Two to three resources were involved in the process.
What about the implementation team?
An integrator helped with the tool's deployment.
What other advice do I have?
I rate the solution a nine out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Application Security Auditor at Softtek
Great app analysis, support, and pricing
Pros and Cons
- "The app analysis is the most valuable feature as I know other solutions don't have that."
- "The solution could use more rules."
What is our primary use case?
We use the product only as a solution for defect code, to find more build liabilities in the code.
How has it helped my organization?
The product allows us to find vulnerabilities while testing our apps.
What is most valuable?
The app analysis is the most valuable feature as I know other solutions don't have that.
It's a good tool. The interface, support, pricing, and integration do not have any limitations.
What needs improvement?
The solution could use more rules. For example, if I have a lot of rules in many languages, it helps my company as having access to more rules works for us.
We'd like a bit more integration.
For how long have I used the solution?
I've been using the solution for maybe three months.
What do I think about the stability of the solution?
The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance has been good overall.
What do I think about the scalability of the solution?
We find the solution to be scalable.
I'm not sure exactly how many people are using the product.
I can't say if we have plans to increase usage or not in the future.
How are customer service and support?
We haven't had any issues with technical support. They are helpful and responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We also use SonarQube.
In the past, I used Checkmarx and Fortify, and Coverity had the better price.
How was the initial setup?
I have access only to the interface part and I didn't do the configuration of the tool. I do not handle the initial setup of the product.
As I recall, the deployment itself only took days.
What about the implementation team?
Our company managed the setup in-house without the help of outside vendors.
What's my experience with pricing, setup cost, and licensing?
We find the pricing to be reasonable.
What other advice do I have?
We're a customer and end-user.
We are using a recent version of the solution.
I'd like potential new users to be aware that it's a good tool to implement basic code.
I'd rate the solution nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Useful for static code analysis
Pros and Cons
- "Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations."
- "Coverity is not a user-friendly product."
What is our primary use case?
I have not used the product for my projects in the company recently, but I know that some other teams use it for certain work.
Coverity is used as a static code analysis tool in my company.
What needs improvement?
Compared to the other tools in the market, Coverity is not a user-friendly product. Coverity fails to provide the same comfort as other solutions in the market, which provide better visibility of reports.
For how long have I used the solution?
I have experience with Coverity. I am a customer of the tool.
How are customer service and support?
I have not directly contacted the product's support team, but there is a group within the corporate circles that maintains the tool, and so they communicate with the tool's technical team. I believe that the support offered was satisfactory.
Which solution did I use previously and why did I switch?
I don't use any other products which are similar to Coverity.
How was the initial setup?
I was involved in the tool's deployment phase.
What's my experience with pricing, setup cost, and licensing?
Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation. Reviewers may have to opt for a different license. For report generation, I used the product two to three ago for a project, and it was done mainly for benchmarking. The setting of the jobs or the configurations was pretty difficult compared to the other products in the market. Working with the product is a bit difficult in general.
I don't have accurate information about the prices associated with the product.
Which other solutions did I evaluate?
I am not the person in authority who makes decisions over whether the company should look at other options apart from Coverity. The higher management makes such decisions while I am just a part of the product development team.
What other advice do I have?
In terms of the satisfaction derived from the use of the product in our company, I would say that there was another person in my company who benchmarked against Coverity with other products like SonarQube and some other LDRA solutions. Products are used considering that different projects would have different requirements.
I can't say whether the product has helped my company maintain compliance with coding standards since we are not currently using Coverity. Many projects have strict guidelines when it comes to the static code analysis part. In the future, the tool's ability to maintain compliance with coding standards can be useful.
My company has licenses to use the product.
I don't have vast experience with Coverity to be able to say whether I would recommend the product to others or not.
I did not use the tool's AI capabilities.
Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations. I rate the tool at eight to nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 30, 2024
Lead Database security at a consultancy with 201-500 employees
A comprehensive solution for SaaS support providing detailed report and security advisor
What is our primary use case?
We use the solution for SaaS support.
What is most valuable?
The most valuable feature is the security advisor. It also provides a very detailed report.
What needs improvement?
Triage history has many bugs and needs to be improved. There could be a subsection. The solution could provide a graphical representation like other tools.
We have OS 2021, which is not the latest one. It should be updated regularly.
For how long have I used the solution?
I have been using Coverity for almost a year.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
Our organization has 20-30 users using this solution.
I rate the solution’s scalability an eight out of ten.
How are customer service and support?
Technical support has expert hours and is available anytime. Also, we don't need to raise a ticket now because we have direct support from Coverity.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are exploring Black Duck, which has more precise things. Coverity has a clear view. The report is very much clear rather than confusing like other tools. It also has a PDF option, and it gives precise information.
How was the initial setup?
The initial setup is simple.
What's my experience with pricing, setup cost, and licensing?
The solution has higher pricing. The price should be based on the user count. Suppose there is a ten-user license per pack. However, this could be adjusted to five users if needed.
What other advice do I have?
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Stable solution with good technical support service
Pros and Cons
- "It is a scalable solution."
- "Sometimes, vulnerabilities remain unidentified even after setting up the rules."
What is our primary use case?
We use the solution to scan the static code and identify vulnerabilities. We can verify the rules and scripting during various applications' implementation processes.
What is most valuable?
The solution has a low false positive rate compared to other vendors. Also, it can scan complex codes. In addition, it has the best features for trial analysis, integration, and language support.
What needs improvement?
Sometimes, vulnerabilities are not identified even after setting up the automated scanning rules. They should include a feature combining automated scanning tools with manual code reviews for better output.
For how long have I used the solution?
I have been using the solution for five years.
What do I think about the stability of the solution?
I rate the solution's stability a nine out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. We can quickly scan around 100 DLS using it. I rate its scalability a nine.
How are customer service and support?
I interact with the solution's technical support team in terms of tuning the tool and improvements. They acknowledge the emails and respond to them quickly.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution integrates well with different tools. Thus, its setup process is relatively straightforward.
What's my experience with pricing, setup cost, and licensing?
The solution is affordable. I rate its pricing a six out of ten.
What other advice do I have?
I recommend the solution to others and rate it a ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.