Coverity Previous Solutions

Estefania Ramirez - PeerSpot reviewer
Application Security Auditor at Softtek

We also use SonarQube.

In the past, I used Checkmarx and Fortify, and Coverity had the better price.

AP
Software Developer at KPIT Technologies

I have experience with SonarQube. I switched to Coverity from SonarQube since the former mainly focuses on scanning and detection of bugs, while the latter focuses on the security of the code. If you want only to fix bugs, then the focus of the product should also be quite good, like Coverity. SonarQube's focus area is different from Coverity.

CJ
Senior Software Engineer at AMD

I have not used another solution. 

Buyer's Guide
Coverity
April 2024
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
AB
Works

I had experience with SonarQube as an alternative. Coverity excelled in code scanning because it did not require installation prerequisites. Its reports are also clear and informational. It provides us with a better idea of troubleshooting vulnerabilities.

Roshan Fanse - PeerSpot reviewer
Lead Database security at a consultancy with 201-500 employees

We are exploring Black Duck, which has more precise things. Coverity has a clear view. The report is very clear rather than confusing like other tools. It also has a PDF option, and it gives precise information.

Jaile Sebes - PeerSpot reviewer
Senior Software Architect at a tech vendor with 10,001+ employees

We've used Clockwork before. However, it has the same issues as this product. They're more for C# and C++.

GR
Integration Architect at a manufacturing company with 10,001+ employees

Initially, I worked with Klocwork in my previous company.

Regarding Klocwork, if you can provide me with its information, then we would definitely like to explore it.

NS
Automation Practice Leader at a financial services firm with 10,001+ employees

We did not use another solution before Coverity, although in my previous company, I used Veracode.

We also use SonarQube for code analysis.

Compared to SonarQube, Coverity finds more vulnerabilities. SonarQube is stronger on core quality, such as duplicate lines of code, but the security issues are found by Coverity.

SonarQube is available as a plugin for development environments such as Eclipse, which allows us to find vulnerabilities proactively.

SonarQube was easier to deploy and I did not require assistance from the vendor for installation or configuration.

YZ
Software Integration Engineer at Thales

We have used other solutions, such as SonarQube.

VV
Senior Solutions Architect at a computer software company with 11-50 employees

I used CodeSonar a few years back. Both tools have their advantages. In any static analysis tool, the first stage is the instrumentation of the source code. It'll try to capture the skeleton of your source code. So when I compare them based on the first phase alone, Coverity is far better than CodeSonar. 

They both use a similar technique, but CodeSonar uses up way more storage resources. For example, to scan a 1GB code base, CodeSonar generates more than 5GB of instrumented files for every 1GB of code base. In total, that is 6GB. Coverity generates 500MB extra on top of 1GB, so that equals 1.5GB all in. That's a huge difference. CodeStar would eat up my disc space and hardware resources when I used it, whereas Coverity is minimal. 

In terms of checkers, both CodeSonar and Coverity cover a good length and breadth, especially for C and C++ programming languages. But CodeSonar focuses only on four languages—C, C++, Java, and C#—only four programming languages, whereas Coverity supports more than 20-plus programming languages.

Also, the two are comparable with respect to their plugin offerings, but there are crucial differences. For example, CodeSonar only focuses on well-known integrations, like Jenkins and JIRA, but you cannot expect all customers to use the same tools. Coverity supports almost all CI/CD tools, including Jenkins and Bamboo. It also integrates with service providers like Azure DevOps Pipelines, AWS CodePipelines that CodeSonar hasn't added yet. The plugins are available in the marketplace, and you don't have to pay extra. You just have to download it from the marketplace, hook the plugin in your pipeline, and ready to use kind of approach. So these are some of the major use cases, three major use cases I would say when you compare apples to apples with CodeSonar and Coverity.

SH
Security Engineer at a comms service provider with 10,001+ employees

We previously used an open-source solution before Coverity. 

Jay-Prakash - PeerSpot reviewer
Consultant at a tech consulting company with 501-1,000 employees

We use SonarQube for Java-based projects and Coverity for C and C++-based projects.

YZ
Software Integration Engineer at Thales

My personal business used other tools that offered sonar language tracking. We used a mix of programs with specific options and some standard gcc options. But last year our team preferred to use more visual tools to follow the whole company's policy. That is why we chose Coverity.

RH
Chief Specialist at a government with 501-1,000 employees

We did not have another solution before. We decided to purchase Coverity because the way we were working previously wasn't efficient. So, we were trying to improve our efficiency.
