Coverity Overview

Coverity is the #11 ranked solution in our list of application security tools. It is most often compared to SonarQube: Coverity vs SonarQube

What is Coverity?

Coverity® gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight™ integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform™ (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

Coverity is also known as Synopsys Static Analysis.

Coverity Buyer's Guide

Download the Coverity Buyer's Guide including reviews and more. Updated: July 2021

Coverity Customers

MStar Semiconductor, Alcatel-Lucent

Coverity Video

Pricing Advice

What users are saying about Coverity pricing:
  • "The price is competitive with other solutions."
  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "It is expensive."

Filter Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
SH
Security Consultant at a tech services company with 11-50 employees
Consultant
Top 20
Download
Straightforward to install and reports few false positives, but it should be easier to specify your own validation and sanitation routines

What is our primary use case?

I am a consultant and I work to bring solutions to different companies. Static code analysis is one of the things that I assist people with, and Coverity is one of the tools that I use for doing that. I worked with Coverity when doing a couple of different PoCs. For these, I get a few different teams of developers together and we want to decide what makes the most sense for each team as far as scanning technologies. So, part of that is what languages are supported, part of that is how extensible it is, and part of that extensibility is do the developers have time to actually create custom… more »

Pros and Cons

  • "The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
  • "It should be easier to specify your own validation routines and sanitation routines."

What other advice do I have?

My advice for anybody who is considering this product is to first look around your organization to see if it has already been implemented in another group. If you're a big organization then Coverity or a similar tool may already be in use. In cases like this, I would say that it is best to adopt the same tool because your organization has already gone down that path and there are no huge differences in the capabilities of these tools. Some of them do it in different ways and some do things that others don't, but you won't have the initial bump of the learning curve and you can leverage their…
See Entire Coverity Review (1188 Words) »
Nachu Subramanian
Head of DevOps Engineering Center of Excellence at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
Download
Improves security by detecting vulnerabilities in code, but it needs integration with popular development environments

What is our primary use case?

I am the administrator and I use this solution to do the calibrating and security scanning of the code in my bank. We are trying to find any vulnerabilities in our code and we are integrating the process with our DevOps.

Pros and Cons

  • "Coverity is quite stable and we haven’t had any issues or any downtime."
  • "I would like to see integration with popular IDEs, such as Eclipse."

What other advice do I have?

We also purchased Black Duck Binary Analysis and the Black Duck Hub from Synopsys. My advice for anybody who is implementing this solution is to try to best capture security issues while the code is being written, rather than waiting until it is compiling. It’s easier and much more cost-effective to find vulnerabilities at the earlier, code-writing stage. The other thing to keep in mind is that you should not rely on one approach to code security. You need to make sure that binary security is also in place, which is not done using Coverity. Any company that wants to secure its environment will…
See Entire Coverity Review (757 Words) »
Free Report: Coverity Reviews and More
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
Download now
523,535 professionals have used our research since 2012.
Yantao Zhao
Software Integration Engineer at Thales Australia
MSP
Top 20
Download
Enables our entire company to publish the analysis results into our central space

What is our primary use case?

We use Coverity during the software integration phase. We have a lot of components so we use Coverity to build the components, analyze and publish the data into sonar server and that's our work.

Pros and Cons

  • "The features I find most valuable is that our entire company can publish the analysis results into our central space."
  • "The setup takes very long."

What other advice do I have?

I will suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a long time. We spent a lot of time to set Coverity up because I thought of creating the project in the Coverity server and use Coverity for the sonar part properly. But it took a long time. I will give the solution a 7.5 rating out of ten. When we officially use all the data, it will accumulate more experiences and then we will have different opinions.
See Entire Coverity Review (698 Words) »
SG
Senior Technical Specialist at a tech services company with 201-500 employees
Real User
Top 5
Download
Integrates well with Jenkins and GitLab, and has helped us find errors before going into production

What is our primary use case?

We have a development team and we are using this product for static code analysis.

Pros and Cons

  • "The most valuable feature is the integration with Jenkins."
  • "Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."

What other advice do I have?

In summary, this is a helpful product and the feedback that I have heard from the development team is good. I would rate this solution an eight out of ten.
See Entire Coverity Review (389 Words) »
SH
Security Engineer at a comms service provider with 10,001+ employees
Real User
Download
Good security analysis features but it should support more languages and the user interface is not user-friendly

What is our primary use case?

We use the on-premise deployment model of this solution. Our primary use case of this solution is for auditing.

Pros and Cons

  • "The security analysis features are the most valuable features of this solution."
  • "The quality of the code needs improvement."

What other advice do I have?

I would recommend this solution depending on the language you're using, Java and C++. I would rate it a five out of ten. Not a ten because it's not efficient for the language we use.
See Entire Coverity Review (304 Words) »
ML
Director at a manufacturing company with 10,001+ employees
Real User
Top 20
Download
Stable, scalable, and provides reports about a lot of potential defects

What is our primary use case?

We use it in our company during product development.

Pros and Cons

  • "It provides reports about a lot of potential defects."
  • "Its price can be improved. Price is always an issue with Synopsys."

What other advice do I have?

I would recommend this solution if you can afford it. If you have enough budget, it is one of the best solutions right now. There may be other cheaper solutions, but you get what you pay for. We have been using Coverity for several years. We would not have continued using it if it was not a good solution. We always have some minor questions or improvements for them, and they always give us a relatively fast response. I would rate Coverity a nine out of ten. Only its price should be improved.
See Entire Coverity Review (267 Words) »
Read archived reviews (2+ years old)
Product Categories
Application Security
Buyer's Guide
Download our free Coverity Report and get advice and tips from experienced pros sharing their opinions.
Download Now
Quick Links
Learn More: Questions: