We have a development team and we are using this product for static code analysis.
Coverity Review
Integrates well with Jenkins and GitLab, and has helped us find errors before going into production
Sep 23 2020
What is our primary use case?
How has it helped my organization?
This product has definitely helped our organization. Based on what I have heard from the development team, they have found a lot of issues before code goes into production.
What is most valuable?
The most valuable feature is the integration with Jenkins. Jenkins can be used to automatically run it to perform the code analysis.
Integration with GitLab is helpful.
What needs improvement?
Coverity is too costly, which is why we are trying other tools. Ideally, it would have a user-based license that does not have a restriction in the number of lines of code.
For how long have I used the solution?
We have been using Coverity for between five and six years.
What do I think about the scalability of the solution?
Coverity is used across our entire organization.
How was the initial setup?
The initial setup in the Windows environment was straightforward. However, for Linux, it has some complexity.
What about the implementation team?
We have a separate team in the company that takes care of deployment. One person is enough for the task
What's my experience with pricing, setup cost, and licensing?
The licensing fees are based on the number of lines of code. We may not need more than five user licenses but with a restriction on the number of lines of code, for a small company the cost will shoot up.
Which other solutions did I evaluate?
Our license for Coverity has expired and we are in the process of exploring new static code analysis tools. Ideally, we would like to have one that is low-cost.
One of the products that I have downloaded a trial version for is SonarQube. At this point, I have only installed the Windows version but I plan on testing the Linux version, as well.
What other advice do I have?
In summary, this is a helpful product and the feedback that I have heard from the development team is good.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
**Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
More Coverity reviews from users
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
457,209 professionals have used our research since 2012.
Author
reviewer1419987
Senior Technical Specialist at a tech services company with 201-500 employees
Real User
Top 5Highlights
Pros
The most valuable feature is the integration with Jenkins.
Cons
Ideally, it would have a user-based license that does not have a restriction in the number of lines of code.
Pricing Advice
The licensing fees are based on the number of lines of code.
Product Categories
Application SecurityPopular Comparisons
SonarQube
Veracode
Micro Focus Fortify on Demand
Checkmarx
Klocwork
Fortify Application Defender
Polyspace Code Prover
CodeSonar
Parasoft SOAtest
WhiteSource
Synopsys Defensics
HCL AppScan
Kiuwan
CAST Application Intelligence Platform
Sonatype Nexus Lifecycle
Buyer's Guide
Download our free Coverity Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More:
- Scan
- Plugin
- Jenkins
- Analysis
- Integration
- Eclipse
- Code Analysis
- Server
- Java
- GitLab
- Linux
- Languages
- API
- Primary Use Case
- Valuable Features
- Room for Improvement
- When evaluating Application Security, what aspect do you think is the most important to look for?
- Which application security solutions include both vulnerability scans and quality checks?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- How was the 2020 Twitter Hack carried out? How could it have been prevented?
- Is SonarQube the best tool for static analysis?
- What are the OWASP top 10 in 2020?
- SAST vs. DAST: Which is better for application security testing?