Coverity Overview

Coverity is the #10 ranked solution in application security tools. IT Central Station users give Coverity an average rating of 8 out of 10. Coverity is most commonly compared to SonarQube. Coverity is popular among the large enterprise segment, accounting for 74% of users researching this solution on IT Central Station. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 30% of all views.
What is Coverity?

Coverity® gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight™ integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform™ (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

Coverity was previously known as Synopsys Static Analysis.

Updated: December 2021

Coverity Customers

MStar Semiconductor, Alcatel-Lucent

Archived Coverity Reviews (more than two years old)

Yantao Zhao
Software Integration Engineer at Thales Australia
MSP
Enables our entire company to publish the analysis results into our central space

Pros and Cons

  • "The feature I find most valuable is that our entire company can publish the analysis results into our central space."
  • "The setup takes very long."

What is our primary use case?

We use Coverity during the software integration phase. We have a lot of components, so we use Coverity to build the components, analyze, and publish the data into the sonar server, and that's our work.

How has it helped my organization?

Depending on our product's needs, we defined the rule set to check and improve the source code.

What is most valuable?

The feature I find most valuable is that our entire company can publish the analysis results into our central space. That allows us to see the latest quality of all components on the sonar web page.

What needs improvement?

My personal opinion is that the webpage of the last version of Coverity is not very easy to use. They've made some unnecessary changes and now I can't see all the analysis results or my status from when we started using the solution up to now. Because we have many components on the integration field, it is sometimes hard to find files of one specific component because we use relative paths. When I look at the components, they all look very similar. But that is just my personal opinion.

I would also like to see a more user-friendly user interface and configuration. I can see the menu on the left but it's a little different from the other tools that I use, but this is perhaps only a personal thing. 

For how long have I used the solution?

We have been working on Coverity for about a year and a half.

What do I think about the stability of the solution?

Coverity is a very stable solution.

What do I think about the scalability of the solution?

I believe the solution is scalable. Sometimes I want to put one component in a certain project, and I need to find what's the best way for us. We have a lot of users using Coverity and we will adapt it into our program. 

How are customer service and technical support?

Most of the time I just do some research myself and Google their webpage to see how I can find a solution for my problem. The program has a tools team to help find the solutions. 

Which solution did I use previously and why did I switch?

My personal business used other tools that offered sonar language tracking. We used a mix of programs with specific options and some standard gcc options. But last year our team preferred to use more visual tools to follow the whole company's policy. That is why we chose Coverity.

How was the initial setup?

We have an administrator for the deployment, so I am only a user. I just added a few projects and streams, and use the data extracted from the compilation, and run the analysis. The setup did take a long time, however.

What about the implementation team?

We implement through an in-house tools team.

What was our ROI?

I don't care about it so much.

What's my experience with pricing, setup cost, and licensing?

For the setup, it's better to adapt the solution from the mature projects.

Being the end user, I don't care so much about the pricing and licensing.

Which other solutions did I evaluate?

Before choosing, we tried to use gcc compiler options, i.e. 

EXT_GCOV_FLAGS='-fprofile-arcs -ftest-coverage'
EXT_GCOV_LDFLAGS=-fprofile-arcs
EXT_CC_FLAGS=-fdiagnostics-show-option
GCOV_LIB=-lgcov

What other advice do I have?

I would suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a long time. We spent a lot of time setting Coverity up because I thought of creating the project in the Coverity server and using Coverity for the sonar part properly. But it took a long time. I will give the solution a 7.5 rating out of ten. When we officially use all the data, it will accumulate more experiences and then we will have different opinions.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SH
Security Engineer at a comms service provider with 10,001+ employees
Real User
Good security analysis features but it should support more languages and the user interface is not user-friendly

Pros and Cons

  • "The security analysis features are the most valuable features of this solution."
  • "The quality of the code needs improvement."

What is our primary use case?

We use the on-premise deployment model of this solution. Our primary use case of this solution is for auditing. 

What is most valuable?

The security analysis features are the most valuable features of this solution. 

What needs improvement?

The quality of the code needs improvement. They should develop better code.

The interface, efficiency, and the performance also need improvement as well as the languages that it offers. It should have more language options.

The user interface is not user-friendly.

For how long have I used the solution?

I have been using this solution for around three years.

What do I think about the stability of the solution?

It is stable. 

What do I think about the scalability of the solution?

We have 30 users licensed for this solution. We use it when we need it. 

How are customer service and technical support?

Their technical support isn't so good. That needs improvement. They don't address the problems I bring up. It's not a priority for them. 

Which solution did I use previously and why did I switch?

We previously used an open-source solution before Coverity. 

How was the initial setup?

The initial setup was easy. The solution is complex to use but not complex to deploy. 

What about the implementation team?

We deployed the solution ourselves. 

What's my experience with pricing, setup cost, and licensing?

Licensing is on a yearly basis. 

What other advice do I have?

I would recommend this solution depending on the language you're using, Java and C++.

I would rate it a five out of ten. Not a ten because it's not efficient for the language we use. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DanaFrost
User
Real User
It gives advice and training on how to resolve the most common quality issues, but the REST implementation is sub-par

What is our primary use case?

  • Raising the level of code quality, security, and robustness in the codebase
  • Tracking and addressing code quality issues.

How has it helped my organization?

Coverity provides developers with good, best-practice coding advice, and tracks risks of poor coding quality. Coverity reports have urged developers to improve the quality of their code.

What is most valuable?

  • I like that it gives advice and training on how to resolve the most common quality issues. 
  • Links to more details on each issue and the background and risks.

What needs improvement?

  • Ability to follow source file s-links into the target location for issuing assignments through GIT.  Our current build environment uses symbolic links into the git repo and Coverity does not follow the link into the actual location of the source file to determine the git author.
  • Single API for all interactions. I am not a fan of using both SOAP and REST APIs and Coverity offers a mix of functionality depending on the interface used. I would greatly prefer a full REST API with improved documentation for all actions including issuing assignments, streaming, and project creation. 

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
RH
Chief Specialist at a government with 501-1,000 employees
Real User
The product improves the quality of my work, but the usability could be improved

Pros and Cons

  • "The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
  • "They could improve the usability. For example, how you set things up, even though it's straightforward, it could still be easier."

What is our primary use case?

I am using the latest version for my business. I personally do product evaluations, and this product has improved the efficiency of my work.

How has it helped my organization?

The product improves the way that we do product evaluations.

What is most valuable?

It improves the quality of my work. 

What needs improvement?

They could improve the usability. For example, how you set things up, even though it's straightforward, it could still be easier.

What do I think about the stability of the solution?

The stability works quite well.

What do I think about the scalability of the solution?

The scalability is good enough.

How are customer service and technical support?

We haven't had any problems with the product so far.

Which solution did I use previously and why did I switch?

We did not have another solution before. We decided to purchase Coverity because the way we were working previously wasn't efficient. So, we were trying to improve our efficiency.

How was the initial setup?

The initial setup was straightforward.

What was our ROI?

We have seen ROI.

The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent.

Which other solutions did I evaluate?

This solution seemed to fit our purposes.

What other advice do I have?

Try it out for yourself, and decide whether it's useful for you.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
HM
Sr. Manager/Sr. Architect at Cognizant
Consultant
It has the lowest false positives with customizable triage options

Pros and Cons

  • "It has the lowest false positives."
  • "Reporting engine needs to be more robust."

What is our primary use case?

We did a comprehensive evaluation on a number of critical parameters in the environment that we are in. Other popular tools that we evaluated failed to meet our expectations.

How has it helped my organization?

  • Ease of development teams to adopt.
  • Faster scanning
  • Lowest false positives
  • No unnecessary bloating of a huge defect list.

These have helped us to focus on the things which need attention.

What is most valuable?

  • Lowest false positive rate
  • Faster scanning time
  • Inline context-sensitive help and other supportive artifacts which help developers.
  • Customizable triage options
  • Integrations with CI/CD tools, etc.

What needs improvement?

  • Reporting engine needs to be more robust.
  • Custom reporting is a must have.
  • Perhaps, the availability of connectors to popular open source BI tools, such as BIRT, JasperReports, or Pentaho may add value.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.