• Home
  • CodeSonar vs. Coverity

CodeSonar vs Coverity comparison

Cancel
You must select at least 2 products to compare!
CodeSecure Logo
CodeSonar
Read 7 CodeSonar reviews
1,941 views|1,239 comparisons
87% willing to recommend
Synopsys Logo
Coverity
Read 33 Coverity reviews
17,611 views|11,453 comparisons
88% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Application Security Tools
April 2024
Executive Summary

We performed a comparison between CodeSonar and Coverity based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.
To learn more, read our detailed Application Security Tools Report (Updated: April 2024).
Download the complete report
770,292 professionals have used our research since 2012.
Featured Review
antony
Researched Coverity but chose CodeSonar: Good error detection, speedy, shows precise logs and results, and has a user-friendly GUI
Archana Verma
Provides software security and helps find potential security bugs or defects
Coverity has improved our functionality and efficiency.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"There is nice functionality for code surfing and browsing.""CodeSonar’s most valuable feature is finding security threats.""What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results.""The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful.""The tool is very good for detecting memory leaks.""It has been able to scale.""The most valuable feature of CodeSonar is the catching of dead code. It is helpful."

More CodeSonar Pros →

"The solution has improved our code quality and security very well.""Coverity gives advisory and deviation features, which are some of the parts I liked.""The features I find most valuable is that our entire company can publish the analysis results into our central space.""The product is easy to use.""Coverity is scalable.""The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time.""This solution is easy to use.""The product has deeper scanning capabilities."

More Coverity Pros →

Cons
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category.""The scanning tool for core architecture could be improved.""In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred.""It was expensive.""There could be a shared licensing model for the users.""CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C.""It would be beneficial for the solution to include code standards and additional functionality for security."

More CodeSonar Cons →

"It would be great if we could customize the rules to focus on critical issues.""The solution is a bit complex to use in comparison to other products that have many plugins.""The setup takes very long.""Its price can be improved. Price is always an issue with Synopsys.""SCM integration is very poor in Coverity.""Sometimes, vulnerabilities remain unidentified even after setting up the rules.""The solution could use more rules.""Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."

More Coverity Cons →

Pricing and Cost Advice
  • "Pricing is a bit costly."
  • "The solution's price depends on the number of licenses needed and the source code for the project."
  • "Our organization purchased a license to use the solution."
  • "The application’s pricing is high compared to other tools."

    • More CodeSonar Pricing and Cost Advice →

  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "The price is competitive with other solutions."
  • "It is expensive."
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."

    • More Coverity Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    770,292 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about CodeSonar?
    Top Answer:CodeSonar’s most valuable feature is finding security threats.
    Read all 6 answers   →
    What is your experience regarding pricing and costs for CodeSonar?
    Top Answer:The application’s pricing is high compared to other tools. I rate its pricing a four out of ten.
    Read all 6 answers   →
    What needs improvement with CodeSonar?
    Top Answer:Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It will… more »
    Read all 6 answers   →
    How would you decide between Coverity and Sonarqube?
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    What do you like most about Coverity?
    Top Answer:The solution has improved our code quality and security very well.
    Read all 23 answers   →
    What is your experience regarding pricing and costs for Coverity?
    Top Answer:The tool was fairly priced.
    Read all 20 answers   →
    Ranking
    21st
    out of 74 in Application Security Tools
    Views
    1,941
    Comparisons
    1,239
    Reviews
    6
    Average Words per Review
    505
    Rating
    8.2
    4th
    out of 67 in Application Security Testing (AST)
    Views
    17,611
    Comparisons
    11,453
    Reviews
    22
    Average Words per Review
    382
    Rating
    8.0
    Comparisons
    SonarQube logo
    SonarQube vs. CodeSonar
    Compared 51% of the time.
    Klocwork logo
    Klocwork vs. CodeSonar
    Compared 10% of the time.
    Polyspace Code Prover logo
    Polyspace Code Prover vs. CodeSonar
    Compared 6% of the time.
    Semgrep Code logo
    Semgrep Code vs. CodeSonar
    Compared 6% of the time.
    More CodeSonar Competitors   →
    SonarQube logo
    SonarQube vs. Coverity
    Compared 51% of the time.
    Klocwork logo
    Klocwork vs. Coverity
    Compared 9% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Coverity
    Compared 7% of the time.
    Checkmarx One logo
    Checkmarx One vs. Coverity
    Compared 6% of the time.
    Parasoft SOAtest logo
    Parasoft SOAtest vs. Coverity
    Compared 1% of the time.
    More Coverity Competitors   →
    Also Known As
    Synopsys Static Analysis
    Learn More
    CodeSecure
    Synopsys
    Overview

    GrammaTech enables organizations to develop software applications more efficiently, on-budget, and on-schedule by helping to eliminate harmful defects that can cause system failures, enable data breaches, and ultimately increase corporate liabilities in today’s connected world. GrammaTech is the developer of CodeSonar, the most powerful source and binary code analysis solution available today. Extraordinarily precise, CodeSonar finds, on average, 2 times more serious defects in software than other static analysis solutions. Designed for organizations with zero tolerance for defects and vulnerabilities in their applications, CodeSonar provides static analysis for applications where reliability and security are paramount - widely used by software developers in avionics, medical, automotive, industrial control, and other mission-critical applications. Some of GrammaTech's customers include Toyota, GE, Hyundai, Kawasaki, LG, Lockheed Martin, NASA, Northrop Grumman, Panasonic, and Samsung.

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    Sample Customers
    Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY
    MStar Semiconductor, Alcatel-Lucent
    Top Industries
    VISITORS READING REVIEWS
    Manufacturing Company22%
    Computer Software Company16%
    University9%
    Government6%
    REVIEWERS
    Manufacturing Company36%
    Comms Service Provider20%
    Computer Software Company20%
    Retailer8%
    VISITORS READING REVIEWS
    Manufacturing Company28%
    Computer Software Company16%
    Financial Services Firm8%
    Government4%
    Company Size
    REVIEWERS
    Small Business63%
    Midsize Enterprise13%
    Large Enterprise25%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%
    REVIEWERS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise76%
    Buyer's Guide
    Application Security Tools
    April 2024
    Download Free Report
    Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: April 2024.
    DOWNLOAD NOW
    770,292 professionals have used our research since 2012.

    CodeSonar is ranked 21st in Application Security Tools with 7 reviews while Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews. CodeSonar is rated 8.2, while Coverity is rated 7.8. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of Coverity writes "Best SAST tool to check software quality issues". CodeSonar is most compared with SonarQube, Klocwork, Polyspace Code Prover, Semgrep Code and Fortify Static Code Analyzer, whereas Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Parasoft SOAtest.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.