Lead Information Security at GEP Worldwide at ReBIT
Real User
2024-08-29T16:07:46Z
Aug 29, 2024
The use case is basically the code-scanning activity we perform. It helps us identify security vulnerabilities in the development phase. It aids in mitigating security risks in the initial phase of software development, so the potential risks become minimal. Those are the main use cases for this.
I have not used the product for my projects in the company recently, but I know that some other teams use it for certain work. Coverity is used as a static code analysis tool in my company.
The SourceForge benchmark, along with OWASP Top 50 and Top 10, can be implemented with Coverity. When talking about the product's source code, through the code analysis, the security issues, whether related to confidentiality, integrity, run-time error, or application crash incidents, can be identified and fixed by the developer before a solution goes for production.
I work on multiple projects using various programming languages, and Coverity provides more security and quality checks than CodeSonar, resulting in more robust results. The second point is that CodeSonar created many intermediate directories, consuming almost three-fourths of my hard disk space. In contrast, Coverity occupies less than half of the space that CodeSonar used.
We use the solution to perform security scans on our application. We worked on a healthcare product. We wanted to submit it for FDA approval. It was mandatory to validate security issues, static code analysis, and dynamic code analysis. We evaluated multiple tools and shortlisted Coverity. I worked with the Synopsys team for integration and initial setup to allow the tool to scan our application implementation and identify static and dynamic code issues.
My primary use case is performing static application security testing on various code bases, including Java, PHP, and HTML. I use it to create review reports of assets and categorize the issues based on severity.
We have to prepare our software solution for our customers. So in our environment, my cycle: we have a seven-hour phase and requirement for design, implementation, and testing, and before testing, we used this tool to clean up our potential feedback. That is our use case.
We primarily use the solution for quality purposes. We also use it for security. That's one subset of quality. However, it's used for more dynamic behavior, such as memory leaks, et cetera.
We use Coverity because we have a SonarQube server and we have a lot of software components that use different languages, such as Java, C, C++, and above. For C and C++ components we use Coverity.
Senior Solutions Architect at a computer software company with 11-50 employees
Real User
2021-10-12T16:07:00Z
Oct 12, 2021
We write thousands of lines of code on a daily basis, and we cannot say that our code is free because there are a lot of other developers contributing to the source code and things like that. And this process is prone to human error, defects in the source code, etc.
Security Consultant at a tech services company with 11-50 employees
Consultant
2020-09-30T08:03:31Z
Sep 30, 2020
I am a consultant and I work to bring solutions to different companies. Static code analysis is one of the things that I assist people with, and Coverity is one of the tools that I use for doing that. I worked with Coverity when doing a couple of different PoCs. For these, I get a few different teams of developers together and we want to decide what makes the most sense for each team as far as scanning technologies. So, part of that is what languages are supported, part of that is how extensible it is, and part of that extensibility is whether the developers have time to actually create custom roles. We also want to know things like what the professional services are like, and whether people typically need many hours of professional services to get the system spun up. Other factors include whether it is deployed on-premises or in the cloud, and also which of those environments it can operate with. One of the things is there's not really a shining star out of all of these tools. SaaS tools have been getting more mature in the past decade, particularly in how fast they run, but also in the results they get. Of course, framework and language additions that increase the capability with results are considered.
Automation Practice Leader at a financial services firm with 10,001+ employees
Real User
2020-04-02T07:00:09Z
Apr 2, 2020
I am the administrator and I use this solution to do the calibrating and security scanning of the code in my bank. We are trying to find any vulnerabilities in our code and we are integrating the process with our DevOps.
We use Coverity during the software integration phase. We have a lot of components so we use Coverity to build the components, analyze and publish the data into sonar server and that's our work.
We did a comprehensive evaluation on a number of critical parameters in the environment that we are in. Other popular tools that we evaluated failed to meet our expectations.
Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise...
I use my company's solution for code quality and secure code analysis.
I use Coverity in my company mainly to fix bug issues and detect errors with code analysis.
We use the solution for SaaS support.
We are using Coverity for Android, cluster programs, and infotainment.
We use Coverity to scan our code and identify any flow issues in the code that need to be fixed.
We have been working on a POC for this solution. It is an on-prem solution and we have 50 internal users.
Our company has 500 developers and engineers who use the solution for C/C++ core static analysis. One engineer handles all ongoing maintenance.
We are using GK and the latest version for port deployment.
We use the product only as a solution for defect code, to find more build liabilities in the code.
We use Coverity for static analysis of our code.
We use it in our company during product development.
We have a development team and we are using this product for static code analysis.
We use the on-premise deployment model of this solution. Our primary use case of this solution is for auditing.
* Raising the level of code quality, security, and robustness in the codebase
* Tracking and addressing code quality issues.
I am using the latest version for my business. I personally do product evaluations, and this product has improved the efficiency of my work.