Coverity Overview
Coverity is the #11 ranked solution in our list of application security tools. It is most often compared to SonarQube.
What is Coverity?
Coverity® gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix.
Coverity is also known as Synopsys Static Analysis.
Updated: January 2021
Coverity Customers
MStar Semiconductor, Alcatel-Lucent
Pricing Advice
What users are saying about Coverity pricing:
- "The price is competitive with other solutions."
- "Coverity is quite expensive."
- "The licensing fees are based on the number of lines of code."
- "It is expensive."
Coverity Reviews

reviewer1428837
Security Consultant at a tech services company with 11-50 employees
Straightforward to install and reports few false positives, but it should be easier to specify your own validation and sanitation routines
What is our primary use case?
I am a consultant and I work to bring solutions to different companies. Static code analysis is one of the things that I assist people with, and Coverity is one of the tools that I use for doing that. I worked with Coverity when doing a couple of different PoCs. For these, I get a few different teams of developers together and we want to decide what makes the most sense for each team as far as scanning technologies. So, part of that is what languages are supported, part of that is how extensible it is, and part of that extensibility is do the developers have time to actually create custom…
Pros and Cons
- "The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
- "It should be easier to specify your own validation routines and sanitation routines."
What other advice do I have?
My advice for anybody who is considering this product is to first look around your organization to see if it has already been implemented in another group. If you're a big organization then Coverity or a similar tool may already be in use. In cases like this, I would say that it is best to adopt the same tool because your organization has already gone down that path and there are no huge differences in the capabilities of these tools. Some of them do it in different ways and some do things that others don't, but you won't have the initial bump of the learning curve and you can leverage their…
Nachu Subramanian
Head of DevOps Engineering Center of Excellence at OCBC Bank
Improves security by detecting vulnerabilities in code, but it needs integration with popular development environments
What is our primary use case?
I am the administrator and I use this solution to do the calibrating and security scanning of the code in my bank. We are trying to find any vulnerabilities in our code and we are integrating the process with our DevOps.
Pros and Cons
- "Coverity is quite stable and we haven’t had any issues or any downtime."
- "I would like to see integration with popular IDEs, such as Eclipse."
What other advice do I have?
We also purchased Black Duck Binary Analysis and the Black Duck Hub from Synopsys. My advice for anybody who is implementing this solution is to try to best capture security issues while the code is being written, rather than waiting until it is compiling. It’s easier and much more cost-effective to find vulnerabilities at the earlier, code-writing stage. The other thing to keep in mind is that you should not rely on one approach to code security. You need to make sure that binary security is also in place, which is not done using Coverity. Any company that wants to secure its environment will…

Yantao Zhao
Software Integration Engineer at Thales Australia
Enables our entire company to publish the analysis results into our central space
What is our primary use case?
We use Coverity during the software integration phase. We have a lot of components so we use Coverity to build the components, analyze and publish the data into sonar server and that's our work.
Pros and Cons
- "The feature I find most valuable is that our entire company can publish the analysis results into our central space."
- "The setup takes very long."
What other advice do I have?
I will suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a long time. We spent a lot of time to set Coverity up because I thought of creating the project in the Coverity server and use Coverity for the sonar part properly. But it took a long time. I will give the solution a 7.5 rating out of ten. When we officially use all the data, it will accumulate more experiences and then we will have different opinions.
reviewer1419987
Senior Technical Specialist at a tech services company with 201-500 employees
Integrates well with Jenkins and GitLab, and has helped us find errors before going into production
What is our primary use case?
We have a development team and we are using this product for static code analysis.
Pros and Cons
- "The most valuable feature is the integration with Jenkins."
- "Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
What other advice do I have?
In summary, this is a helpful product and the feedback that I have heard from the development team is good. I would rate this solution an eight out of ten.
SecurityEngineer0015
Security Engineer at a comms service provider with 10,001+ employees
Good security analysis features but it should support more languages and the user interface is not user-friendly
What is our primary use case?
We use the on-premise deployment model of this solution. Our primary use case of this solution is for auditing.
Pros and Cons
- "The security analysis features are the most valuable features of this solution."
- "The quality of the code needs improvement."
What other advice do I have?
I would recommend this solution depending on the language you're using, Java and C++. I would rate it a five out of ten. Not a ten because it's not efficient for the language we use.
reviewer1442352
Director at a manufacturing company with 10,001+ employees
Stable, scalable, and provides reports about a lot of potential defects
What is our primary use case?
We use it in our company during product development.
Pros and Cons
- "It provides reports about a lot of potential defects."
- "Its price can be improved. Price is always an issue with Synopsys."
What other advice do I have?
I would recommend this solution if you can afford it. If you have enough budget, it is one of the best solutions right now. There may be other cheaper solutions, but you get what you pay for. We have been using Coverity for several years. We would not have continued using it if it was not a good solution. We always have some minor questions or improvements for them, and they always give us a relatively fast response. I would rate Coverity a nine out of ten. Only its price should be improved.
ChiefSpe9178
Chief Specialist at a government with 501-1,000 employees
The product improves the quality of my work, but the usability could be improved
What is our primary use case?
I am using the latest version for my business. I personally do product evaluations, and this product has improved the efficiency of my work.
Pros and Cons
- "The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
- "They could improve the usability. For example, how you set things up, even though it's straightforward, it could still be easier."
What other advice do I have?
Try it out for yourself, and decide whether it's useful for you.
DanaFrost
User
It gives advice and training on how to resolve the most common quality issues, but the REST implementation is sub-par
What is our primary use case?
- Raising the level of code quality, security, and robustness in the codebase
- Tracking and addressing code quality issues.