Coverity Review

Enables our entire company to publish the analysis results into our central space


What is our primary use case?

We use Coverity during the software integration phase. We have a lot of components so we use Coverity to build the components, analyze and publish the data into sonar server and that's our work.

How has it helped my organization?

Depending on our product's needs, we defined the rule set to check and improve the source code.

What is most valuable?

The features I find most valuable is that our entire company can publish the analysis results into our central space. That allows us to see the latest quality of all components on the sonar web page.

What needs improvement?

My personal opinion is that the webpage of the last version of Coverity is not very easy to use. They've made some unnecessary changes and now I can't see all the analysis results or my status from when we started using the solution up to now. Because we have many components on the integration field, it is sometimes hard to find files of one specific component because we use relative path. When I look at the components, they all look very similar. But that is just my personal opinion.

I would also like to see a more user-friendly user interface and configuration. I can see the menu on the left but it's a little different from the other tools that I use, but this is perhaps only a personal thing. 

For how long have I used the solution?

We have been working on Coverity for about a year and a half

What do I think about the stability of the solution?

Coverity is a very stable solution.

What do I think about the scalability of the solution?

I believe the solution is scalable. Sometimes I want to put one component in a certain project, and I need to find what's the best way for us. We have a lot of users using Coverity and we will adapt it into our program. 

How are customer service and technical support?

Most of the time I just do some research myself and Google their webpage to see how I can find a solution for my problem. The program has a tools team to help find the solutions. 

Which solution did I use previously and why did I switch?

My personal business used other tools that offered sonar language tracking. We used a mix of programs with specific options and some standard gcc options. But last year our team preferred to use more visual tools to follow the whole company's policy. That is why we chose Coverity.

How was the initial setup?

We have an administrator for the deployment, so I am only a user. I just added a few projects and streams, and use the data extracted from the compilation, and run the analysis. The setup did take a long time, however.

What about the implementation team?

We implement through an in-house tools team.

What was our ROI?

I don't care it so much.

What's my experience with pricing, setup cost, and licensing?

For the setup, it's better to adapt the solution from the mature projects.

Don't care so much the pricing and licensing being the end user.

Which other solutions did I evaluate?

Before choosing, we tried to use gcc compiler options, i.e. 

EXT_GCOV_FLAGS='-fprofile-arcs -ftest-coverage'
EXT_GCOV_LDFLAGS=-fprofile-arcs
EXT_CC_FLAGS=-fdiagnostics-show-option
GCOV_LIB=-lgcov

What other advice do I have?

I will suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a long time. We spent a lot of time to set Coverity up because I thought of creating the project in the Coverity server and use Coverity for the sonar part properly. But it took a long time. I will give the solution a 7.5 rating out of ten. When we officially use all the data, it will accumulate more experiences and then we will have different opinions.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email