Coverity Reviews

What is most valuable?

The features I find most valuable is that our entire company can publish the analysis results into our central space. That allows us to see the latest quality of all… more»

How has it helped my organization?

Depending on our product's needs, we defined the rule set to check and improve the source code.

What needs improvement?

My personal opinion is that the webpage of the last version of Coverity is not very easy to use. They've made some unnecessary changes and now I can't see all the analysis… more»

What's my experience with pricing, setup cost, and licensing?

For the setup, it's better to adapt the solution from the mature projects. Don't care so much the pricing and licensing being the end user.

Which solution did I use previously and why did I switch?

My personal business used other tools that offered sonar language tracking. We used a mix of programs with specific options and some standard gcc options. But last year… more»

What other advice do I have?

I will suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a… more»

Which other solutions did I evaluate?

Before choosing, we tried to use gcc compiler options, i.e. EXT_GCOV_FLAGS='-fprofile-arcs -ftest-coverage' EXT_GCOV_LDFLAGS=-fprofile-arcs… more»

What is most valuable?

The security analysis features are the most valuable features of this solution.

What needs improvement?

The quality of the code needs improvement. They should develop a better code. The interface, efficiency, and the performance also need improvement as well as the languages that it offers. It should have more language options. The user… more»

What's my experience with pricing, setup cost, and licensing?

Licensing is on a yearly basis.

Which solution did I use previously and why did I switch?

We previously used an open-source solution before Coverity.

What other advice do I have?

I would recommend this solution depending on the language you're using, Java and C++. I would rate it a five out of ten. Not a ten because it's not efficient for the language we use.

What is most valuable?

It improves the quality of my work.

How has it helped my organization?

The product improves the way that we do product evaluations.

What needs improvement?

They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier.

Which solution did I use previously and why did I switch?

We did not have another solution before. We decided to purchase Coverity because the way we were working previously wasn't efficient. So, we were trying to improve our efficiency.

What other advice do I have?

Try it out for yourself, and decide whether it's useful for you.

Which other solutions did I evaluate?

This solution seemed to fit our purposes.

What is most valuable?

* I like that it gives advice and training on how to resolve the most common quality issues. * Links to more details on each issue and the background and risks.

How has it helped my organization?

Coverity provides developers with a good, best practice, coding advice, and tracks risks of poor coding quality. Coverity reports have urged developers to improve the quality of their code.

What needs improvement?

* Ability to follow source file s-links into the target location for issuing assignments through GIT. Our current build environment uses symbolic links into the git repo and Coverity does not follow the link into the actual location of the source file to determine the git author. * Single API for all interactions. I am not a fan of using both SOAP and REST APIs and Coverity offers a mix of… more»

What is most valuable?

* Lowest false positive rate * Faster scanning time * Inline context-sensitive help and other supportive artifacts which help developers. * Customizable triage options * Integrations with CI/CD tools, etc.

How has it helped my organization?

* Ease of development teams to adopt. * Faster scanning * Lowest false positives * No unnecessary bloating of a huge defect list. These have helped us to focus on the things which need attention.

What needs improvement?

* Reporting engine needs to be more robust. * Custom reporting is a must have. * Perhaps, the availability of connectors to popular open source BI tools, such as BIRT, JasperReports, or Pentaho may add value.