We performed a comparison between Coverity and Synopsys Code Dx based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"The interface of Coverity is quite good, and it is also easy to use."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The security analysis features are the most valuable features of this solution."
"The solution effectively identifies bugs in code."
"The product is easy to use."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"Coverity takes a lot of time to dereference null pointers."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"The quality of the code needs improvement."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"There should be additional IDE support."
"SCM integration is very poor in Coverity."
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Synopsys Code Dx is ranked 32nd in Static Application Security Testing (SAST) with 1 review. Coverity is rated 7.8, while Synopsys Code Dx is rated 0.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Synopsys Code Dx writes "Facilitates continuous assessment of applications, covering both static and dynamic security aspects". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas Synopsys Code Dx is most compared with Veracode, Checkmarx One and SonarQube.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.