We just raised a $30M Series A: Read our story
2019-03-11T07:21:00Z

What advice do you have for others considering Coverity?

4

If you were talking to someone whose organization is considering Coverity, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
99 Answers

author avatar
Top 20Real User

I rate Coverity nine out of 10. It's a good choice. If you plan to use Coverity, you should read through the manual to really understand its settings. You have to tune the Coverity engine to get the best research and scalability out of it. A Coverity recently added some smart features that automatically compute the hardware requirements in your current machine. It automatically scales up. For example, it can detect how much multi-core CPU power it needs to run an analysis and how much memory is required, so it makes resources available for other applications running on the same machine. That intelligence has been built on. So initially, I recommend going over the fundamentals and fine-tuning it based on one's own requirements.

2021-10-12T16:07:00Z
author avatar
Top 20Real User

I rate Coverity five out of 10, but it's tough for me to judge because we decided to purchase it based on one requirement that no other static analysis tool could satisfy. For that reason, we haven't tried anything else. So, let's make an analogy. Let's say I used Sony TVs my entire life, and someone comes up and says, "Hey, there is a new brand of TVs. What do you think of them? Do you think they are good?" How would I know? By comparison, SonarQube seems to be more feature-rich for a standard programming language, and it works with more continuous integration tools.

2021-10-09T07:01:00Z
author avatar
Top 20Real User

I would recommend this solution if you can afford it. If you have enough budget, it is one of the best solutions right now. There may be other cheaper solutions, but you get what you pay for. We have been using Coverity for several years. We would not have continued using it if it was not a good solution. We always have some minor questions or improvements for them, and they always give us a relatively fast response. I would rate Coverity a nine out of ten. Only its price should be improved.

2020-10-30T18:48:21Z
author avatar
Top 20Consultant

My advice for anybody who is considering this product is to first look around your organization to see if it has already been implemented in another group. If you're a big organization then Coverity or a similar tool may already be in use. In cases like this, I would say that it is best to adopt the same tool because your organization has already gone down that path and there are no huge differences in the capabilities of these tools. Some of them do it in different ways and some do things that others don't, but you won't have the initial bump of the learning curve and you can leverage their experience. I would rate this solution a seven out of ten.

2020-09-30T08:03:31Z
author avatar
Top 5Real User

In summary, this is a helpful product and the feedback that I have heard from the development team is good. I would rate this solution an eight out of ten.

2020-09-23T06:10:04Z
author avatar
Top 5LeaderboardReal User

We also purchased Black Duck Binary Analysis and the Black Duck Hub from Synopsys. My advice for anybody who is implementing this solution is to try to best capture security issues while the code is being written, rather than waiting until it is compiling. It’s easier and much more cost-effective to find vulnerabilities at the earlier, code-writing stage. The other thing to keep in mind is that you should not rely on one approach to code security. You need to make sure that binary security is also in place, which is not done using Coverity. Any company that wants to secure its environment will need multiple levels of security scanning, and only one of these is handled by Coverity. The second one, binary scanning, can be done by using Black Duck or Veracode. This continues onto other security concerns, such as network scanning. I would rate this solution a seven out of ten.

2020-04-02T07:00:09Z
author avatar
Real User

I would recommend this solution depending on the language you're using, Java and C++. I would rate it a five out of ten. Not a ten because it's not efficient for the language we use.

2019-08-26T06:42:00Z
author avatar
MSP

I will suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a long time. We spent a lot of time to set Coverity up because I thought of creating the project in the Coverity server and use Coverity for the sonar part properly. But it took a long time. I will give the solution a 7.5 rating out of ten. When we officially use all the data, it will accumulate more experiences and then we will have different opinions.

2019-08-22T05:49:00Z
author avatar
Real User

Try it out for yourself, and decide whether it's useful for you.

2019-03-11T07:21:00Z
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,136 professionals have used our research since 2012.