Coverity is highly recommended for organizations using C++ or C# due to its advantages in interprocedural analysis, which detects various issues efficiently. I'd rate the solution eight out of ten.
Lead Information Security at GEP Worldwide at ReBIT
Real User
Top 20
2024-08-29T16:07:46Z
Aug 29, 2024
Overall, I would rate it a nine out of ten. I would recommend this tool to people who are working on secure software development. I’ll recommend this tool to all the developers and security folks who want to scale their processes and incorporate code-scanning technology into their processes.
We conducted a comprehensive assessment of Coverity SAST for various programming languages beyond just C and C++. Our findings indicated that this tool was highly effective when compared to approximately six other solutions.
In 2016, our client organization opted to purchase the on-premise version. Our implementation was extensive, utilized by tens of thousands of developers. We made effective use of Coverity for two years until our client organization discovered a more cost-effective option with Checkmarx in 2018, which also addressed some integration difficulties related to centralizing our security ecosystem.
It became evident that Coverity was one of the most expensive tools available, likely due to its top ratings from both Gartner and Forrester over several years. In summary, based on my experience, Coverity is an excellent and efficient tool for a wide range of programming languages; however, I found the user interfaces of Checkmarx CxSAST (on-prem) and Snyk (WebUI) to be relatively user-friendly. I am not updated on the current user interface or any new features added to Coverity since then. Collaborating with the Synopsys Customer Success team was an outstanding experience; two consultants from Synopsys were involved throughout our implementation over several months, and their expertise and support greatly enhanced our experience.
Director at a healthcare company with 10,001+ employees
Real User
Top 5
2024-06-18T09:19:05Z
Jun 18, 2024
I am satisfied with the product. The tool is used for specific use cases like embedded systems. I would not recommend the tool for web application technologies, Java, or cloud-native technologies since the tool is meant for embedded code. I rate the tool a six out of ten.
The security vulnerability detection from Coverity works excellently, but on a few occasions, there are false positives. The chances of false positive generation by the solution are extremely low. The product has a high detection rate, which helps developers handle configuration and confidentiality issues. The cost savings offered by the solution depend upon the country of purchase; in our country, the dollar value of the product is extremely high. At our company, we have imported the solution at the dollar value, but an RFP has been assorted so that the competitors can participate in an auction of the product and we can obtain the solution at a fair value. Five years ago, Coverity took a competitive approach and wanted to establish a presence in South Asian markets, so our company received a discounted price for the solution at that time. Now the vendor has procured numerous customers in South Asia, and we will have to take the RFP again next year to find an affordable solution. Coverity handles false positives very well. I would rate the false positive managing feature a nine out of ten. I would advise others to practice using the solution for a few days on SourceForge auditing; if an individual works on Coverity regularly, it becomes easier to use. If there are any issues with Coverity, there is no need to panic; the individual can raise a proper ticket to avail themselves of the excellent troubleshooting support from the vendor. I would suggest purchasing the solution if it's within the budget. Overall, I would rate Coverity a nine out of ten.
I will definitely recommend the product to others. We evaluated many solutions. I found Coverity easy to use, fairly priced, and it does the expected job. Overall, I rate the tool a ten out of ten.
Coverity is quite a good tool that helps fix big issues and deal with code analysis. Coverity's scanning features and scalability are also quite good. The only drawback of the product stems from the fact that it is quite an expensive product. The product's cost can seem too high for a normal user. If your organization is quite good and okay with exploring the tool with its current costs, then you can opt for Coverity. Otherwise, you can use other solutions, like the free community edition from SonarQube. I rate the overall solution an eight out of ten.
Coverity's documentation is pretty straightforward and I would rate it a seven out of ten. The solution is cheap and provides us with a dedicated server.
Senior Engineer at a computer software company with 5,001-10,000 employees
Real User
Top 10
2023-05-05T10:32:00Z
May 5, 2023
Overall, I would rate Coverity a seven out of ten. I can rate it higher because there are a few areas of improvement in Coverity. The first problem is the pricing. The second one is some features not performing well, like duplicate detection and switch case situations.
My advice to others is that the first few steps of using Coverity take time. It's better to have an experienced user to support it. For new users, it will be hard for them to set it up. If they can get someone to support it directly at the beginning, it would be better, because for me it was very hard at the beginning for a few weeks. I rate Coverity an eight out of ten.
We're a customer and end-user. We are using a recent version of the solution. I'd like potential new users to be aware that it's a good tool to implement basic code. I'd rate the solution nine out of ten.
Senior Solutions Architect at a computer software company with 11-50 employees
Real User
2021-10-12T16:07:00Z
Oct 12, 2021
I rate Coverity nine out of 10. It's a good choice. If you plan to use Coverity, you should read through the manual to really understand its settings. You have to tune the Coverity engine to get the best research and scalability out of it. Coverity recently added some smart features that automatically compute the hardware requirements in your current machine. It automatically scales up. For example, it can detect how much multi-core CPU power it needs to run an analysis and how much memory is required, so it makes resources available for other applications running on the same machine. That intelligence has been built in. So initially, I recommend going over the fundamentals and fine-tuning it based on one's own requirements.
I rate Coverity five out of 10, but it's tough for me to judge because we decided to purchase it based on one requirement that no other static analysis tool could satisfy. For that reason, we haven't tried anything else. So, let's make an analogy. Let's say I used Sony TVs my entire life, and someone comes up and says, "Hey, there is a new brand of TVs. What do you think of them? Do you think they are good?" How would I know? By comparison, SonarQube seems to be more feature-rich for a standard programming language, and it works with more continuous integration tools.
Director at a manufacturing company with 10,001+ employees
Real User
2020-10-30T18:48:21Z
Oct 30, 2020
I would recommend this solution if you can afford it. If you have enough budget, it is one of the best solutions right now. There may be other cheaper solutions, but you get what you pay for. We have been using Coverity for several years. We would not have continued using it if it was not a good solution. We always have some minor questions or improvements for them, and they always give us a relatively fast response. I would rate Coverity a nine out of ten. Only its price should be improved.
Security Consultant at a tech services company with 11-50 employees
Consultant
2020-09-30T08:03:31Z
Sep 30, 2020
My advice for anybody who is considering this product is to first look around your organization to see if it has already been implemented in another group. If you're a big organization then Coverity or a similar tool may already be in use. In cases like this, I would say that it is best to adopt the same tool because your organization has already gone down that path and there are no huge differences in the capabilities of these tools. Some of them do it in different ways and some do things that others don't, but you won't have the initial bump of the learning curve and you can leverage their experience. I would rate this solution a seven out of ten.
Senior Technical Specialist at a tech services company with 201-500 employees
Real User
2020-09-23T06:10:04Z
Sep 23, 2020
In summary, this is a helpful product and the feedback that I have heard from the development team is good. I would rate this solution an eight out of ten.
Automation Practice Leader at a financial services firm with 10,001+ employees
Real User
2020-04-02T07:00:09Z
Apr 2, 2020
We also purchased Black Duck Binary Analysis and the Black Duck Hub from Synopsys. My advice for anybody who is implementing this solution is to try to best capture security issues while the code is being written, rather than waiting until it is compiling. It’s easier and much more cost-effective to find vulnerabilities at the earlier, code-writing stage. The other thing to keep in mind is that you should not rely on one approach to code security. You need to make sure that binary security is also in place, which is not done using Coverity. Any company that wants to secure its environment will need multiple levels of security scanning, and only one of these is handled by Coverity. The second one, binary scanning, can be done by using Black Duck or Veracode. This continues onto other security concerns, such as network scanning. I would rate this solution a seven out of ten.
Security Engineer at a comms service provider with 10,001+ employees
Real User
2019-08-26T06:42:00Z
Aug 26, 2019
I would recommend this solution depending on the language you're using, Java and C++. I would rate it a five out of ten. Not a ten because it's not efficient for the language we use.
I will suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a long time. We spent a lot of time setting Coverity up because I thought of creating the project in the Coverity server and using Coverity for the sonar part properly. But it took a long time. I will give the solution a 7.5 rating out of ten. When we officially use all the data, we will accumulate more experience and then we will have different opinions.
Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise...
I rate the overall solution a nine out of ten.
The overall rating I give to Coverity is seven out of ten. The additional step that needs to be taken is a factor in my rating.
I would recommend the solution for C# but not for C++. I rate the overall product a six out of ten.
I rate the solution a nine out of ten.
Overall, I rate the solution an eight out of ten.
I rate the solution eight out of ten.
I would rate this solution a seven out of ten.
I would recommend the solution if it includes more features. I rate the solution an eight out of ten.
We're a customer. I would rate the solution seven out of ten.
If they have a cluster structure, then definitely they should use Coverity. I would rate Coverity a nine out of ten.
Try it out for yourself, and decide whether it's useful for you.