Coverity Other Advice

SC
Works at STMicroelectronics Holding

I would advise following an onboarding program proposed by the vendor. Do not just jump on the tool on your own, but apply it with the documentation. I suggest an adoption program.

Overall, I rate the solution a nine out of ten. I think it's one of the best SAST tools on the market.

IC
Senior Manager at MediaTek

I rate the solution eight out of ten.


Arun Dahiphale - PeerSpot reviewer
Technical Architect at Elastic Care Inc

I will definitely recommend the product to others. We evaluated many solutions. I found Coverity easy to use, fairly priced, and it does the expected job. Overall, I rate the tool a ten out of ten.

Buyer's Guide
Coverity
April 2024
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
RZ
Senior Engineer at a computer software company with 5,001-10,000 employees

Overall, I would rate Coverity a seven out of ten. I can rate it higher because there are a few areas of improvement in Coverity. The first problem is the pricing. The second one is some features not performing well, like duplicate detection and switch case situations.

Estefania Ramirez - PeerSpot reviewer
Application Security Auditor at Softtek

We're a customer and end-user.

We are using a recent version of the solution. 

I'd like potential new users to be aware that it's a good tool to implement basic code.

I'd rate the solution nine out of ten.

Mirza Prangon - PeerSpot reviewer
Solutions Architect at Hitachi High-Tech America

My advice would be to look at other solutions and evaluate on-premises or SaaS options.

Overall, I would rate Coverity at six out of ten.

AP
Software Developer at KPIT Technologies

Coverity is quite a good tool that helps fix big issues and deal with code analysis. Coverity's scanning features and scalability are also quite good. The only drawback of the product stems from the fact that it is quite an expensive product. The product's cost can seem too high for a normal user. If your organization is quite good and okay with exploring the tool with its current costs, then you can opt for Coverity. Otherwise, you can use other solutions, like the free community edition from SonarQube.

I rate the overall solution an eight out of ten.

Archana Verma - PeerSpot reviewer
Security Analyst at Dover Corporation

I rate this solution eight out of 10. 

Iswarya R - PeerSpot reviewer
Assistant Manager at Tata Communications Ltd

I would rate this solution a seven out of ten. 

CJ
Senior Software Engineer at AMD

I would recommend the solution if it includes more features. 

I rate the solution an eight out of ten. 

AB
Works

I rate the solution a nine out of ten. 

Roshan Fanse - PeerSpot reviewer
Lead Database security at a consultancy with 201-500 employees

Overall, I rate the solution an eight out of ten.



NR
Architect at a comms service provider with 10,001+ employees

I recommend the solution to others and rate it a ten.

Jaile Sebes - PeerSpot reviewer
Senior Software Architect at a tech vendor with 10,001+ employees

We're a customer.

I would rate the solution seven out of ten.

NS
Automation Practice Leader at a financial services firm with 10,001+ employees

We also purchased Black Duck Binary Analysis and the Black Duck Hub from Synopsys.

My advice for anybody who is implementing this solution is to try to best capture security issues while the code is being written, rather than waiting until it is compiling. It’s easier and much more cost-effective to find vulnerabilities at the earlier, code-writing stage.

The other thing to keep in mind is that you should not rely on one approach to code security. You need to make sure that binary security is also in place, which is not done using Coverity. Any company that wants to secure its environment will need multiple levels of security scanning, and only one of these is handled by Coverity. The second one, binary scanning, can be done by using Black Duck or Veracode. This continues onto other security concerns, such as network scanning.

I would rate this solution a seven out of ten.

YZ
Software Integration Engineer at Thales

My advice to others is that the first few steps of using Coverity take time. It's better to have an experienced user to support it. For new users, it will be hard for them to set it up. If they can get someone to support it directly at the beginning, it would be better, because for me it's very hard at the beginning for a few weeks.

And on a scale from one to 10, how would you rate Coverity?

I rate Coverity an eight out of ten.

DH
Project Manager at a manufacturing company with 11-50 employees

I would rate the solution a ten out of ten. 

VV
Senior Solutions Architect at a computer software company with 11-50 employees

I rate Coverity nine out of 10. It's a good choice. If you plan to use Coverity, you should read through the manual to really understand its settings. You have to tune the Coverity engine to get the best research and scalability out of it. Coverity recently added some smart features that automatically compute the hardware requirements in your current machine. It automatically scales up. For example, it can detect how much multi-core CPU power it needs to run an analysis and how much memory is required, so it makes resources available for other applications running on the same machine. That intelligence has been built on. So initially, I recommend going over the fundamentals and fine-tuning it based on one's own requirements.

SH
Security Engineer at a comms service provider with 10,001+ employees

I would recommend this solution depending on the language you're using, Java and C++.

I would rate it a five out of ten. Not a ten because it's not efficient for the language we use. 

RS
Employee at a computer software company with 11-50 employees

I am using the latest version of the product. I have also used Clang Static Analyzer. People planning to use the solution should try the open-source version first to understand how it works. We must have the paid version of the product to get all the resources and documentation. Overall, I rate the product an eight out of ten.

SH
Security Consultant at a tech services company with 11-50 employees

My advice for anybody who is considering this product is to first look around your organization to see if it has already been implemented in another group. If you're a big organization then Coverity or a similar tool may already be in use. In cases like this, I would say that it is best to adopt the same tool because your organization has already gone down that path and there are no huge differences in the capabilities of these tools. Some of them do it in different ways and some do things that others don't, but you won't have the initial bump of the learning curve and you can leverage their experience.

I would rate this solution a seven out of ten.

Jay-Prakash - PeerSpot reviewer
Consultant at a tech consulting company with 501-1,000 employees

Overall, I rate Coverity a seven out of ten.

MR
Junior Software Engineer at NAVER Corp

Coverity's documentation is pretty straightforward and I would rate it a seven out of ten. The solution is cheap and provides us with a dedicated server. 

Birbal Sain - PeerSpot reviewer
Software Developer at Altair

If they have a cluster structure, then definitely they should use Coverity. I would rate Coverity a nine out of ten.

AT
Sr. QA Engineer at a computer software company with 1-10 employees

I rate Coverity five out of 10, but it's tough for me to judge because we decided to purchase it based on one requirement that no other static analysis tool could satisfy. For that reason, we haven't tried anything else. So, let's make an analogy. Let's say I used Sony TVs my entire life, and someone comes up and says, "Hey, there is a new brand of TVs. What do you think of them? Do you think they are good?" How would I know? By comparison, SonarQube seems to be more feature-rich for a standard programming language, and it works with more continuous integration tools.

YZ
Software Integration Engineer at Thales

I will suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a long time. We spent a lot of time setting Coverity up because I thought of creating the project in the Coverity server and using Coverity for the sonar part properly. But it took a long time. I will give the solution a 7.5 rating out of ten. When we officially use all the data, it will accumulate more experiences and then we will have different opinions.

PT
Vice President at a tech vendor with 1,001-5,000 employees

Coverity is really good with C/C++ and legacy technologies. However, there are other products that are probably as good or even better than Coverity when it comes to Java or cloud applications.

If someone were to ask me what tool I would recommend, my answer would depend on what technology they're using and what their use case is. My advice would be based on how they're going to use the product and what they're expecting from the tool.

I would rate this solution an eight out of ten. 

ML
Director at a manufacturing company with 10,001+ employees

I would recommend this solution if you can afford it. If you have enough budget, it is one of the best solutions right now. There may be other cheaper solutions, but you get what you pay for.

We have been using Coverity for several years. We would not have continued using it if it was not a good solution. We always have some minor questions or improvements for them, and they always give us a relatively fast response.

I would rate Coverity a nine out of ten. Only its price should be improved.

SG
Senior Technical Specialist at a tech services company with 201-500 employees

In summary, this is a helpful product and the feedback that I have heard from the development team is good.

I would rate this solution an eight out of ten.

RH
Chief Specialist at a government with 501-1,000 employees

Try it out for yourself, and decide whether it's useful for you.
