Senior Software Architect at a tech vendor with 10,001+ employees
Resolving critical software issues demands faster implementation and better integration
Pros and Cons
- "The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis."
- "Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks."
What is our primary use case?
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes.
How has it helped my organization?
Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks. It helped us resolve synchronization issues in automobile companies where products were not able to shut down.
What is most valuable?
The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis. It is particularly effective for C++ and C# languages.
What needs improvement?
Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks. The dashboard is not well integrated with SonarQube, presenting compatibility issues. Additionally, the Coverity license fee is very high, making it tricky for individual developers.
For how long have I used the solution?
I have been working with Coverity for more than 15 years.
What do I think about the scalability of the solution?
There may be financial allocation challenges. They are not due to Coverity itself.
How are customer service and support?
The customer service is friendly and responsive to existing issues. That said, they have limitations when the solution lacks certain features. They still try their best to help with what is within their control.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
SonarQube is used for comparison as it is cheaper. However, Coverity is preferred for its specific advantages.
How was the initial setup?
The setup process is reasonably easy for minimal deployment, though some issues may arise with new licenses.
What's my experience with pricing, setup cost, and licensing?
Coverity is considered expensive compared to other tools like SonarQube, which is much cheaper.
Which other solutions did I evaluate?
We also evaluated SonarQube.
What other advice do I have?
Coverity is highly recommended for organizations using C++ or C# due to its advantages in interprocedural analysis, which detects various issues efficiently.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 4, 2024