Coverity Previous Solutions
We also use SonarQube.
In the past, I used Checkmarx and Fortify, and Coverity had the better price.
AP
Akshay Pawar
Software Developer at KPIT Technologies
I have experience with SonarQube. I switched to Coverity from SonarQube since the former mainly focuses on scanning and detection of bugs, while the latter focuses on the security of the code. If you want only to fix bugs, then the focus of the product should also be quite good, like Coverity. SonarQube's focus area is different from Coverity.
CJ
ChetanJadhav
Senior Software Engineer at AMD
I have not used another solution.
Buyer's Guide
Coverity
April 2024
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
AB
reviewer2311338
Works
I had experience with SonarQube as an alternative. Coverity excelled in code scanning because it did not require installation prerequisites. Its reports are also clear and informational. It provides us with a better idea of troubleshooting vulnerabilities.
We are exploring Black Duck, which has more precise things. Coverity has a clear view. The report is very much clear rather than confusing like other tools. It also has a PDF option, and it gives precise information.
We've used Klocwork before. However, it has the same issues as this product. They're more for C# and C++.
GR
reviewer2218830
Integration Architect at a manufacturing company with 10,001+ employees
Initially, I worked with Klocwork in my previous company.
Regarding Klocwork, if you can provide me with its information, then we would definitely like to explore it.
NS
Nachu Subramanian
Automation Practice Leader at a financial services firm with 10,001+ employees
We did not use another solution before Coverity, although in my previous company, I used Veracode.
We also use SonarQube for code analysis.
Compared to SonarQube, Coverity finds more vulnerabilities. SonarQube is stronger on core quality, such as duplicate lines of code, but the security issues are found by Coverity.
SonarQube is available as a plugin for development environments such as Eclipse, which allows us to find vulnerabilities proactively.
SonarQube was easier to deploy and I did not require assistance from the vendor for installation or configuration.
YZ
Yantao Zhao
Software Integration Engineer at Thales
We have used other solutions, such as SonarQube.
VV
Varun V
Senior Solutions Architect at a computer software company with 11-50 employees
I used CodeSonar a few years back. Both tools have their advantages. In any static analysis tool, the first stage is the instrumentation of the source code. It'll try to capture the skeleton of your source code. So when I compare them based on the first phase alone, Coverity is far better than CodeSonar.
They both use a similar technique, but CodeSonar uses up way more storage resources. For example, to scan a 1GB code base, CodeSonar generates more than 5GB of instrumented files for every 1GB of code base. In total, that is 6GB. Coverity generates 500MB extra on top of 1GB, so that equals 1.5GB all in. That's a huge difference. CodeSonar would eat up my disc space and hardware resources when I used it, whereas Coverity is minimal.
In terms of checkers, both CodeSonar and Coverity cover a good length and breadth, especially for C and C++ programming languages. But CodeSonar focuses only on four languages—C, C++, Java, and C#—only four programming languages, whereas Coverity supports more than 20-plus programming languages.
Also, the two are comparable with respect to their plugin offerings, but there are crucial differences. For example, CodeSonar only focuses on well-known integrations, like Jenkins and JIRA, but you cannot expect all customers to use the same tools. Coverity supports almost all CI/CD tools, including Jenkins and Bamboo. It also integrates with service providers like Azure DevOps Pipelines, AWS CodePipelines that CodeSonar hasn't added yet. The plugins are available in the marketplace, and you don't have to pay extra. You just have to download it from the marketplace, hook the plugin in your pipeline, and ready to use kind of approach. So these are some of the major use cases, three major use cases I would say when you compare apples to apples with CodeSonar and Coverity.
SH
SecurityEngineer0015
Security Engineer at a comms service provider with 10,001+ employees
We previously used an open-source solution before Coverity.
We use SonarQube for Java-based projects and Coverity for C and C++-based projects.
YZ
Yantao Zhao
Software Integration Engineer at Thales
My personal business used other tools that offered sonar language tracking. We used a mix of programs with specific options and some standard gcc options. But last year our team preferred to use more visual tools to follow the whole company's policy. That is why we chose Coverity.
RH
ChiefSpe9178
Chief Specialist at a government with 501-1,000 employees
We did not have another solution before. We decided to purchase Coverity because the way we were working previously wasn't efficient. So, we were trying to improve our efficiency.