Coverity Overview

Coverity is the #11 ranked solution in our list of application security tools. It is most often compared to SonarQube.

What is Coverity?

Coverity® gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix.

Coverity is also known as Synopsys Static Analysis.

Coverity Buyer's Guide

Download the Coverity Buyer's Guide including reviews and more. Updated: January 2021

Coverity Customers

MStar Semiconductor, Alcatel-Lucent

Pricing Advice

What users are saying about Coverity pricing:
  • "The price is competitive with other solutions."
  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "It is expensive."

Coverity Reviews

reviewer1428837
Security Consultant at a tech services company with 11-50 employees
Consultant
Oct 1, 2020
Straightforward to install and reports few false positives, but it should be easier to specify your own validation and sanitation routines

What is our primary use case?

I am a consultant and I work to bring solutions to different companies. Static code analysis is one of the things that I assist people with, and Coverity is one of the tools that I use for doing that. I worked with Coverity when doing a couple of different PoCs. For these, I get a few different teams of developers together and we want to decide what makes the most sense for each team as far as scanning technologies. So, part of that is what languages are supported, part of that is how extensible it is, and part of that extensibility is do the developers have time to actually create custom…

Pros and Cons

  • "The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
  • "It should be easier to specify your own validation routines and sanitation routines."

What other advice do I have?

My advice for anybody who is considering this product is to first look around your organization to see if it has already been implemented in another group. If you're a big organization then Coverity or a similar tool may already be in use. In cases like this, I would say that it is best to adopt the same tool because your organization has already gone down that path and there are no huge differences in the capabilities of these tools. Some of them do it in different ways and some do things that others don't, but you won't have the initial bump of the learning curve and you can leverage their…
Nachu Subramanian
Head of DevOps Engineering Center of Excellence at OCBC Bank
Real User
Top 5 Leaderboard
Apr 12, 2020
Improves security by detecting vulnerabilities in code, but it needs integration with popular development environments

What is our primary use case?

I am the administrator and I use this solution to do the calibrating and security scanning of the code in my bank. We are trying to find any vulnerabilities in our code and we are integrating the process with our DevOps.

Pros and Cons

  • "Coverity is quite stable and we haven’t had any issues or any downtime."
  • "I would like to see integration with popular IDEs, such as Eclipse."

What other advice do I have?

We also purchased Black Duck Binary Analysis and the Black Duck Hub from Synopsys. My advice for anybody who is implementing this solution is to try to best capture security issues while the code is being written, rather than waiting until it is compiling. It’s easier and much more cost-effective to find vulnerabilities at the earlier, code-writing stage. The other thing to keep in mind is that you should not rely on one approach to code security. You need to make sure that binary security is also in place, which is not done using Coverity. Any company that wants to secure its environment will…
Yantao Zhao
Software Integration Engineer at Thales Australia
MSP
Top 20
Sep 4, 2019
Enables our entire company to publish the analysis results into our central space

What is our primary use case?

We use Coverity during the software integration phase. We have a lot of components so we use Coverity to build the components, analyze and publish the data into sonar server and that's our work.

Pros and Cons

  • "The feature I find most valuable is that our entire company can publish the analysis results into our central space."
  • "The setup takes very long."

What other advice do I have?

I will suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a long time. We spent a lot of time to set Coverity up because I thought of creating the project in the Coverity server and use Coverity for the sonar part properly. But it took a long time. I will give the solution a 7.5 rating out of ten. When we officially use all the data, it will accumulate more experiences and then we will have different opinions.
reviewer1419987
Senior Technical Specialist at a tech services company with 201-500 employees
Real User
Top 5
Sep 23, 2020
Integrates well with Jenkins and GitLab, and has helped us find errors before going into production

What is our primary use case?

We have a development team and we are using this product for static code analysis.

Pros and Cons

  • "The most valuable feature is the integration with Jenkins."
  • "Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."

What other advice do I have?

In summary, this is a helpful product and the feedback that I have heard from the development team is good. I would rate this solution an eight out of ten.
SecurityEngineer0015
Security Engineer at a comms service provider with 10,001+ employees
Real User
Aug 28, 2019
Good security analysis features but it should support more languages and the user interface is not user-friendly

What is our primary use case?

We use the on-premise deployment model of this solution. Our primary use case of this solution is for auditing.

Pros and Cons

  • "The security analysis features are the most valuable features of this solution."
  • "The quality of the code needs improvement."

What other advice do I have?

I would recommend this solution depending on the language you're using, Java and C++. I would rate it a five out of ten. Not a ten because it's not efficient for the language we use.
reviewer1442352
Director at a manufacturing company with 10,001+ employees
Real User
Oct 31, 2020
Stable, scalable, and provides reports about a lot of potential defects

What is our primary use case?

We use it in our company during product development.

Pros and Cons

  • "It provides reports about a lot of potential defects."
  • "Its price can be improved. Price is always an issue with Synopsys."

What other advice do I have?

I would recommend this solution if you can afford it. If you have enough budget, it is one of the best solutions right now. There may be other cheaper solutions, but you get what you pay for. We have been using Coverity for several years. We would not have continued using it if it was not a good solution. We always have some minor questions or improvements for them, and they always give us a relatively fast response. I would rate Coverity a nine out of ten. Only its price should be improved.
ChiefSpe9178
Chief Specialist at a government with 501-1,000 employees
Real User
Mar 21, 2019
The product improves the quality of my work, but the usability could be improved

What is our primary use case?

I am using the latest version for my business. I personally do product evaluations, and this product has improved the efficiency of my work.

Pros and Cons

  • "The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
  • "They could improve the usability. For example, how you set things up, even though it's straightforward, it could still be easier."

What other advice do I have?

Try it out for yourself, and decide whether it's useful for you.
DanaFrost
User
Real User
Top 5 Leaderboard
Apr 14, 2019
It gives advice and training on how to resolve the most common quality issues, but the REST implementation is sub-par

What is our primary use case?

  • Raising the level of code quality, security, and robustness in the codebase
  • Tracking and addressing code quality issues.