We performed a comparison between Coverity and SonarQube based on our users’ reviews in four categories. After reviewing all of the collected data, we reached the conclusion below.
Comparison Result: Based on the parameters we compared, SonarQube comes out ahead of Coverity. Although both products have valuable features and can be considered high-end solutions, our reviewers found that Coverity is an expensive solution with an unfriendly licensing mechanism and a difficult exit process, which may make it less accessible for smaller teams or companies with budgetary constraints.
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"The product is easy to use."
"The feature I find most valuable is that our entire company can publish the analysis results into our central space."
"It's very stable."
"We were very comfortable with the initial setup."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"This solution has helped with the integration and building of our CI/CD pipeline."
"If you want to have your code scanned and timed then this is a good tool."
"It provides you with many features, as it does with the premium model, but there are still extra features that can be purchased if needed."
"The most valuable feature of this solution is that it is free."
"The solution has a plug-in that supports both C and C++ languages."
"I like the default policies that are there, as they seem to cover most of what I need."
"I am only interested in the security features in SonarQube. There are plenty of other features, such as test coverage, code anomalies, and pointer access, which are handled by the business logic teams. They get the reports and they have to fix them in JIRA or Bugzilla."
"There should be additional IDE support."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"It should be easier to specify your own validation routines and sanitization routines."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"Its price can be improved. Price is always an issue with Synopsys."
"The tool needs to improve its reporting."
"They could improve the usability. For example, how you set things up, even though it's straightforward, could still be easier."
"It would be great if we could customize the rules to focus on critical issues."
"I would like to see SonarQube implement a good amount of improvements to the product's security features. Another aspect of SonarQube that could be improved is the search functionality."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"You may need to purchase add-ons to get the usability you desire."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"The security in SonarQube could be better."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"Dynamic scanning is missing and there are some issues with security scanning."
"The product needs to integrate other security tools for security scanning."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while SonarQube is ranked 1st in Application Security Testing (AST) with 108 reviews. Coverity is rated 7.8, while SonarQube is rated 8.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Coverity is most compared with Klocwork, Fortify on Demand, Checkmarx One, Veracode and Polyspace Code Prover, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Veracode, Snyk and Sonatype Lifecycle. See our Coverity vs. SonarQube report.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.