We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing remediation guidance in several languages. It helps developers to understand and fix issues.
We liked the integration of SonarQube with our workflows. Also, you can fine-tune the test level. It is easy to use and very visual. We especially like that it displays red and green bars over the code that the test doesn’t cover. It also detects potential dirty code and gives a detailed report with the percentage the test covered. All in all, it is very helpful in code reviews and saves a lot of time.
We found some downsides, too, though. It is not easy to integrate with Jenkins. Also, the setup is time-consuming and a bit complex. Our developers said that sometimes the check rules are too strict, making it difficult to make a new commit.
Coverity is static analysis (SAST) software that helps uncover security and quality code issues early in the software development life cycle. It is a good text editor and helps to debug and analyze the code really fast. It also has a high detection rate. It is easy to integrate Coverity into the I/CD pipeline. It is also helpful in marking false positives.
That being said, the product is relatively new, and it has a few bugs. For instance, the dereferences of NULL pointers. It also takes a lot of time to show results. We found the UI/UX to be cumbersome to use. The price is also a downside.
Conclusion
If you only need a SAST tester, Coverity can be useful. It provides basic functionality and detects issues. If you want a complete solution, then SonarQube is the better choice.
SonarQube and Coverity Static compete in the static code analysis category. SonarQube appears to have the upper hand due to its open-source adaptability, cost-effective community edition, and strong community support, whereas Coverity Static is noted for its deep scanning capabilities and robust vulnerability detection.Features: SonarQube is valued for its extensive plugin availability, support for multiple programming languages, and seamless integration with CI/CD tools. Coverity Static is...
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing remediation guidance in several languages. It helps developers to understand and fix issues.
We liked the integration of SonarQube with our workflows. Also, you can fine-tune the test level. It is easy to use and very visual. We especially like that it displays red and green bars over the code that the test doesn’t cover. It also detects potential dirty code and gives a detailed report with the percentage the test covered. All in all, it is very helpful in code reviews and saves a lot of time.
We found some downsides, too, though. It is not easy to integrate with Jenkins. Also, the setup is time-consuming and a bit complex. Our developers said that sometimes the check rules are too strict, making it difficult to make a new commit.
Coverity is static analysis (SAST) software that helps uncover security and quality code issues early in the software development life cycle. It is a good text editor and helps to debug and analyze the code really fast. It also has a high detection rate. It is easy to integrate Coverity into the I/CD pipeline. It is also helpful in marking false positives.
That being said, the product is relatively new, and it has a few bugs. For instance, the dereferences of NULL pointers. It also takes a lot of time to show results. We found the UI/UX to be cumbersome to use. The price is also a downside.
Conclusion
If you only need a SAST tester, Coverity can be useful. It provides basic functionality and detects issues. If you want a complete solution, then SonarQube is the better choice.