We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing remediation guidance in several languages. It helps developers to understand and fix issues.
We liked the integration of SonarQube with our workflows. Also, you can fine-tune the test level. It is easy to use and very visual. We especially like that it displays red and green bars over the code that the test doesn’t cover. It also detects potential dirty code and gives a detailed report with the percentage the test covered. All in all, it is very helpful in code reviews and saves a lot of time.
We found some downsides, too, though. It is not easy to integrate with Jenkins. Also, the setup is time-consuming and a bit complex. Our developers said that sometimes the check rules are too strict, making it difficult to make a new commit.
Coverity is static analysis (SAST) software that helps uncover security and quality code issues early in the software development life cycle. It is a good text editor and helps to debug and analyze the code really fast. It also has a high detection rate. It is easy to integrate Coverity into the CI/CD pipeline. It is also helpful in marking false positives.
That being said, the product is relatively new, and it has a few bugs. For instance, the dereferences of NULL pointers. It also takes a lot of time to show results. We found the UI/UX to be cumbersome to use. The price is also a downside.
Conclusion
If you only need a SAST tester, Coverity can be useful. It provides basic functionality and detects issues. If you want a complete solution, then SonarQube is the better choice.
SonarQube Server and Coverity compete in the software quality assurance domain. SonarQube seems to have the upper hand due to its open-source nature, community-driven support, and effective integration capabilities. Features: SonarQube Server prioritizes ease of installation, features a stable platform, and provides extensive support for various tech stacks. It includes a free community edition and efficiently identifies vulnerabilities with a low false positive rate. Coverity offers low false...