# Coverity Reviews
**Vendor:** Synopsys  
**Category:** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)  
**Average Rating:** 4.2/5.0  
**Total Reviews:** 55
## About Coverity
Coverity® is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects early in the software development life cycle (SDLC), track and manage risks across the application portfolio, and ensure compliance with security and coding standards.




## Coverity Reviews
  ### 1. Used to be wonderful for finding C++ bugs

**Rating:** 2.0/5.0 stars

**Reviewed by:** Flash S. | Senior Compiler Test Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** May 31, 2024

**What do you like best about Coverity?**

Sometimes finds breathtaking C++ out of bounds memory writes.

**What do you dislike about Coverity?**

Little progress since 2010’s; languages other than C/C++ extremely weak.  Useless support since takeover by Synopsys.

**What problems is Coverity solving and how is that benefiting you?**

Bugs

  ### 2. Optimized code with Coverity tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Deepti S. | 5G Software Developer 2, Enterprise (> 1000 emp.)

**Reviewed Date:** November 25, 2021

**What do you like best about Coverity?**

I love how the Coverity tool by Synopsys can detect issues in the code and thus provides a way to make your code far more optimized.

**What do you dislike about Coverity?**

I dislike that sometimes there are false positive issues for which there is no perfect fix, but Coverity indicates it as a bug. But there is always a way to declare that false positive, and it's good enough.

**Recommendations to others considering Coverity:**

It's a great tool to further improve your code.

**What problems is Coverity solving and how is that benefiting you?**

I am working on a project and the Coverity tool is really helpful in pinpointing the minor or major issues which one can ignore in their day-to-day work life.

  ### 3. Tool which is the best for the static analysis

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** October 12, 2021

**What do you like best about Coverity?**

It has very capable and promising features which allow a user to debug and analyze the code for faster run times. I have used this tool in my project.
The quality of product support is awesome; they actually helped me a lot, which reduces time and effort and makes my code best.

**What do you dislike about Coverity?**

It has some bugs to fix but can find the solutions for it because of their product support.

**Recommendations to others considering Coverity:**

It's the best tool to have in industry, which relieves you ahead of time by reporting all the major issues ahead of time, which probably makes your code best at release time.

**What problems is Coverity solving and how is that benefiting you?**

The debugging skills of the code are very good while using this tool, which saves a lot of time, and the code can be in a better way, which possibly solves many issues without any major defects in the release.

  ### 4. Coverity SAST Review

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** August 21, 2021

**What do you like best about Coverity?**

We use the Coverity Static Analysis tool for security scans of C/C++ server code.
Coverity is having a higher detection rate as we highly rely on this code scan for our application code.
We had seamlessly integrated this SAST tool (Coverity) to our CI/CD Pipeline and the vulnerabilities were being notified to the respective developer via mail.
It provides a mechanism to audit the findings and mark false positives in an efficient way.
Support for several languages is another factor that stands out well when compared to other tools.
The time it takes to scan huge code lines is significantly faster compared to other tools.

**What do you dislike about Coverity?**

However, there are some improvement points which I thought I should highlight to make this tool even better for the end users.

- strzcpy vs. NULL_STRING: Coverity does not recognize that strzcpy adds a terminating x00.
- ab_pfetch*: On Windows we currently have many OVERRUN false positives.
- bsearch on fixed width table vs. Literal: Coverity’s model for bsearch assumes that bsearch accesses the key on the full width of the key. If bsearch is given a fixed (max) size table, and say strcmp as compare function, then in reality when bsearch is called with a small literal as key, all is good. Alas, Coverity thinks that bsearch will read beyond the end of the literal, even though strcmp will not.
- NO_EFFECT on var_arg: On Windows we currently have a NO_EFFECT warning on all uses of va_args.
- TAINTED_SCALAR: Coverity to warn for uses of tainted data, data that might be controlled by an attacker. This may lead to data corruption, code injection,... When possible Coverity reports additional defects describing the dangerous use of the tainted data INTEGER_OVERFLOW.
- RW.LITERAL_OPERATOR_NOT_FOUND on printf with TEL_Format: When using TEL defined format such as TEL_Flpu, TEL_Fsu, TEL_Fpid,... Coverity sometimes requires a space before the 'T' from TEL_Fxxx.
- TAINTED_STRING: Coverity to warn for uses of tainted data, data that might be controlled by an attacker. This may lead to data corruption, code injection, SQL injection, directory traversal,
- PW.PRINTF_ARG_MISMATCH - * precision or * size vs. size_t or ptrdiff_t parameters: 64 bits builds or scans - The C-Standard states that the * precision or size are of type int. This is generally 4 bytes. On 64 bits builds size_t and ptrdiff_t are 8 bytes.

If I had submitted a fix yesterday, today’s Coverity Connect continues to report the defect.

**What problems is Coverity solving and how is that benefiting you?**

We use Coverity to solve both Quality and Security issues.

- Out of bound access
- Uninitialized pointer reads
- Calling risky functions
- Resource leak and lot more

  ### 5. A SAST which supports multiple languages and platforms.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Viraj P. | Associate Lead - Application Security Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 21, 2021

**What do you like best about Coverity?**

Assigning issues to users is simply easy and less false positives.

**What do you dislike about Coverity?**

Reporting portion and for results it takes more time than other solutions.

**Recommendations to others considering Coverity:**

A good SAST solution if you are considering multi-platforms and fewer false positives.

**What problems is Coverity solving and how is that benefiting you?**

It helps to identify bugs related to security during our application lifecycle.

  ### 6. Promising tool of future- static code analysis tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** September 07, 2021

**What do you like best about Coverity?**

helps development and security teams address security and quality defects early in the software development life cycle (SDLC),
Best thing about Coverity is highly accurate, supports thousands of developers, and quickly analyzes large projects exceeding 100 million lines of code.

**What do you dislike about Coverity?**

A few pointers that definitely need improvement would be resource leaks, dereferences of NULL pointers, and incorrect usage of APIs.

**What problems is Coverity solving and how is that benefiting you?**

Have used Coverity Quality Advisor and solved issues like:

- resource leaks.
- dereferences of NULL pointers.
- incorrect usage of APIs.
- use of uninitialized data.
- memory corruptions.
- buffer overruns.
- control flow issues.
- error handling issues.

  ### 7. Easy to use for Coverity fixes

**Rating:** 4.5/5.0 stars

**Reviewed by:** Nikhil D. | Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** August 30, 2021

**What do you like best about Coverity?**

Its user-friendly UI. It is easy to browse code using Coverity, and it also briefly describes the issue.

**What do you dislike about Coverity?**

I was facing issue in categorising the Coverity issues.

**What problems is Coverity solving and how is that benefiting you?**

I have mainly used for solving Coverity fixes.
It catches the basic issues which can be easily fixed and helps in improving the code base.

  ### 8. Coverity is an excellent tool from Synopsys.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Sumit K. | Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** September 13, 2021

**What do you like best about Coverity?**

It is easy to use the tool. And helps to find any issue that is overlooked in manual review.

**What do you dislike about Coverity?**

The tool is pretty good. It is easy to set up with proper guidelines.

**What problems is Coverity solving and how is that benefiting you?**

Secured code review.

  ### 9. An amazing tool for static analysis - used this extensively during my tenure at STMicroelectronics

**Rating:** 4.5/5.0 stars

**Reviewed by:** Swarup A. | Project Manager, Enterprise (> 1000 emp.)

**Reviewed Date:** August 24, 2021

**What do you like best about Coverity?**

Excellent User Interface and server-side features. The Coverity support team is also very responsive

**What do you dislike about Coverity?**

I did not find any such attribute during my experience

**What problems is Coverity solving and how is that benefiting you?**

Static analysis integration with CI-CD DevOps pipeline and improvement of code quality

  ### 10. Very convenient and user friendly tool for software engineering

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Automotive | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 09, 2021

**What do you like best about Coverity?**

Ease with which one can produce highly scalable software and address security issues.

**What do you dislike about Coverity?**

Coverity tool can update to provide more content to its customers.

**What problems is Coverity solving and how is that benefiting you?**

Synopsys Coverity tool was really helpful in addressing static errors in code.

  ### 11. Best tool for Static and Security code analysis

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.)

**Reviewed Date:** August 26, 2021

**What do you like best about Coverity?**

It gives an accurate, detailed report, which is helpful for both upper-level Management and for developers.

**What do you dislike about Coverity?**

Nothing as of now. We liked it very much.

**What problems is Coverity solving and how is that benefiting you?**

We are solving static code issues or if there are security-related issues like SQL injection and all.

  ### 12. Great security product

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** September 12, 2021

**What do you like best about Coverity?**

The way it scans and provide results which makes life easier

**What do you dislike about Coverity?**

The UI/UX could have been better to browse through results

**What problems is Coverity solving and how is that benefiting you?**

Finding the security bug while doing the continuous build is really helpful

  ### 13. Static tool result as a mail notification to code committers

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** September 12, 2021

**What do you like best about Coverity?**

Code scanning at its best...

**What do you dislike about Coverity?**

I agree it is not an open source now...

**What problems is Coverity solving and how is that benefiting you?**

Daily scan reports of the code along with the integrated html files to send mail notification for developers

  ### 14. Good for Static analysis integration

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.)

**Reviewed Date:** September 12, 2021

**What do you like best about Coverity?**

Friendly UI, easy to use coverity for bugs and defects tracing

**What do you dislike about Coverity?**

Cost could be a little less.
Sometimes accuracy is not there, false positives pop up.

**What problems is Coverity solving and how is that benefiting you?**

Mostly in resource leak

  ### 15. DBA

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Banking | Enterprise (> 1000 emp.)

**Reviewed Date:** September 08, 2021

**What do you like best about Coverity?**

To find out quality defects, track and manage risk across the application

**What do you dislike about Coverity?**

There is nothing to dislike, if the cost is little less then it could be better

**What problems is Coverity solving and how is that benefiting you?**

Currently not use

  ### 16. DevOps Manager for IT and embedded software development

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Automotive | Enterprise (> 1000 emp.)

**Reviewed Date:** August 29, 2021

**What do you like best about Coverity?**

Better sca findings for embedded development. 
Good with SAST findings.
Good dashboard.

**What do you dislike about Coverity?**

UX could be improved. Ability to auto fix could be worked on.

**What problems is Coverity solving and how is that benefiting you?**

SCA and SAST. Benefit of quality code

  ### 17. A good tool for static code analysis

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Hardware | Enterprise (> 1000 emp.)

**Reviewed Date:** June 15, 2020

**What do you like best about Coverity?**

The scan results  are presented in detail and concise.

**What do you dislike about Coverity?**

The configuration is confusing and sometimes misleading.

**What problems is Coverity solving and how is that benefiting you?**

For Coverity and MISRA compliance on firmware which has been implemented for the past over ten years and accumulated a huge amount of violations.

  ### 18. Coverity - nice functionality, cluttered UI

**Rating:** 3.0/5.0 stars

**Reviewed by:** Daniel N. | Graduate Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** May 28, 2020

**What do you like best about Coverity?**

Finds many bugs and memo leaks, nice groups features

**What do you dislike about Coverity?**

Cluttered UI, tough to navigate through it

**Recommendations to others considering Coverity:**

I would recommend it, as apart from the slightly unintuitive UI, it is a nice tool. However, it is a bit old, so ensure you have looked on the market to check if there is anything better out there. My main advice will be to target the tools towards your needs regarding the languages you use, but it is always better to pick a flexible tool that covers many languages, so that in the future you can expand your language base, whilst staying on top of any security issues.

**What problems is Coverity solving and how is that benefiting you?**

Finding bugs and memo leaks in a variety of languages. Its API for Java is also an easy one to use and is well-documented. I really like that once these are assigned to you, you get reminders via email (it can be nicely integrated with Outlook), so that you don't forget. The detailed information on the issues and how they are represented graphically are also amongst its benefits.

  ### 19. A must to have tool for an open-source project

**Rating:** 5.0/5.0 stars

**Reviewed by:** Ivan P. | Small-Business (50 or fewer emp.)

**Reviewed Date:** June 04, 2020

**What do you like best about Coverity?**

I like that Coverity Scan is free for open-source projects. In fact, I have not used the tool for production reasons, but rather for study/education/research purposes. In fact, we carried out a benchmarking of Static Analysis Security Testing tools for research purposes from the perspective of a tool to be able to produce alerts meaningful for software developers. And I can say that Coverity demonstrated itself as a very good tool.

**What do you dislike about Coverity?**

There is nothing particular about Coverity that I dislike. Maybe only that there is no free version for educational reasons.

**What problems is Coverity solving and how is that benefiting you?**

I use Coverity Scan to scan my Open Source projects. Also, I used the results available for other projects to understand how secure these projects are and use them for research purposes.

  ### 20. Best allrounder available in market

**Rating:** 5.0/5.0 stars

**Reviewed by:** AMIT S. | Technical Lead, Enterprise (> 1000 emp.)

**Reviewed Date:** June 05, 2020

**What do you like best about Coverity?**

The best part is the UI.
Very detail code review considering every parameter to look code efficient and safe.
Fast and easy to use.

**What do you dislike about Coverity?**

Installation and configuration requires expertise in deployment of application.

**Recommendations to others considering Coverity:**

Nothing for now.

**What problems is Coverity solving and how is that benefiting you?**

Hello, I am Amit Shelke and have used this tool for more than 4 years at Symantec Corp. I have also used other competitor products such as Crucible, Phabricator and CodeScene, but Coverity provides the best results when it comes to code review. On one of the sites it is mentioned that "Coverity Static Code Analysis does not offer a free trial". Why should they do it? It's such a product you can buy fearlessly and be assured that it works fantastically.

  ### 21. Very happy with Coverity Static analysis as well as product support

**Rating:** 4.5/5.0 stars

**Reviewed by:** Matt B. | Agile Architect, Enterprise (> 1000 emp.)

**Reviewed Date:** June 05, 2020

**What do you like best about Coverity?**

Being able to cluster the Coverity server was very helpful.  We had 3 development centers around the world, and with clustering we were able to lessen the impact on the remote developers as well as consolidate the issue ids.  This allowed us to have centralized reporting regarding the status of projects.

**What do you dislike about Coverity?**

One of my initial dislikes was the lack of MISRA coverage, but as our usage went along Coverity added the MISRA checking that could be analyzed.

**What problems is Coverity solving and how is that benefiting you?**

The initial addition of memory leak type bugs and are not possible to find with a standard compiler. Memory leak escapes have been reduced. Memory leak escapes that were created prior to Coverity usage have been found.

  ### 22. I worked for Coverity Training.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Glenn D. | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 16, 2020

**What do you like best about Coverity?**

I worked for the company so I may be biased. That said, the customers who used it were happy with how well it worked, the depth of the analysis, and how few false positives were given.

**What do you dislike about Coverity?**

This is compiler-level analysis so for 50 million lines of code it takes time. The results are worth it.

**Recommendations to others considering Coverity:**

Try it on a sample to understand the accuracy of the analysis.

**What problems is Coverity solving and how is that benefiting you?**

On average, for 1 million lines of code it would identify 200 actual defects. True positives.

The Linux kernel was analyzed as proof of dependability. There you can see the defects found and fixed.

  ### 23. Find and fix your defects in C or C++ using the Coverity tool for static analysis.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 03, 2020

**What do you like best about Coverity?**

Coverity Scan is used for static code analysis of Open Source projects. It can analyze C, C++, and Java code.

Coverity’s static code analysis doesn’t run the code. Instead, it uses abstract interpretation to gain information about the code’s control flow and data flow. It’s able to follow all possible code paths that a program may take. For example, the analyzer understands that malloc() returns memory that must be freed with free() later. It follows all branches and function calls to see if all possible combinations free the memory. The analyzer is able to detect all sorts of issues like resource leaks (memory, file descriptors), NULL dereferencing, use after free, unchecked return values, dead code, buffer overflows, integer overflows, uninitialized variables, and many more.

**What do you dislike about Coverity?**

In some cases, it may not be precise. There could be incorrect identifications.

**What problems is Coverity solving and how is that benefiting you?**

Buffer Overflow, unreferenced null, resource leak

  ### 24. Quite useful for project code run analysis and keep a record

**Rating:** 5.0/5.0 stars

**Reviewed by:** Priyanka S. | Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** June 01, 2020

**What do you like best about Coverity?**

Organised way of keeping defect records and quite thorough coverage of code defects like memory leakage, unused variable, etc...
Good for CI/CD implementation.
Best for very large amount of code and reduces manual power consumption majorly

**What do you dislike about Coverity?**

Not much coverage for Typescript and JavaScript.
Its manual can be enhanced by adding more practical commands and real-time images

**Recommendations to others considering Coverity:**

Try it out; if you find any obstruction, the Coverity Support system is very active and always thrilled to help

**What problems is Coverity solving and how is that benefiting you?**

Not much informative manual.
Difficult to find commands for Typescript and how to confirm if it is working fine or how to check its reliability

  ### 25. My Experience at Coverity

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Small-Business (50 or fewer emp.)

**Reviewed Date:** June 10, 2020

**What do you like best about Coverity?**

I was there pretty early and the people were great - made some of my best friendships - Also, it was a new tech and way of helping coders

**What do you dislike about Coverity?**

As the company grew, new management came in and the culture changed from what we knew. It wasn't "bad", but it was different. Most people complain about changing culture so nothing shocking to report :)

**Recommendations to others considering Coverity:**

Just run your code through and see the high-level results. Pretty amazing what you will find

**What problems is Coverity solving and how is that benefiting you?**

Solving efficiencies in coding and hidden vulnerabilities in millions of lines of code. Great part about it is Coverity could be run and show the customer in 24 hours where there were red-flags to review

  ### 26. Static Code Analyzer

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 12, 2020

**What do you like best about Coverity?**

The way Coverity generates the report for various issues like "possible leak", "variable going out of scope"; this helps in fixing the issues which developers would have introduced due to quick fixes in the code.

**What do you dislike about Coverity?**

Some of the issues which are reported by Coverity will be false positives; the tool can be improved in those areas, and I also would like Coverity to add support for run time code analysis.

**Recommendations to others considering Coverity:**

i would recommend considering it results

**What problems is Coverity solving and how is that benefiting you?**

possible memory leak, variable going out of scope. These errors reported by coverity helps in re-looking the code and helps us to rethink and re-design the code in a better way so that production issues will be minimized.

  ### 27. Amit Gadekar's review

**Rating:** 4.0/5.0 stars

**Reviewed by:** Amit G. | Principal Software Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** June 20, 2020

**What do you like best about Coverity?**

Coverity comes packed with loads of features for static code analysis.

**What do you dislike about Coverity?**

Not compatible with all of the programming languages.

**What problems is Coverity solving and how is that benefiting you?**

Mainly Coverity has helped us a lot in finding the loopholes which could have led any attacker to breach into the web application.

  ### 28. Effective tool for  C/C++  static code analysis

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 15, 2020

**What do you like best about Coverity?**

That it supports languages like C/C++ which most of the commercial tools don't support

**What do you dislike about Coverity?**

What I didn't like was tracing down the issues in source code file. Also, the user interface can be better.

**What problems is Coverity solving and how is that benefiting you?**

I used Coverity to scan source code written in C language which many other tools either don't support or are not that effective on. Coverity does a good job there.

  ### 29. Accuracy with speeds in SW Development

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Enterprise (> 1000 emp.)

**Reviewed Date:** July 27, 2020

**What do you like best about Coverity?**

Passive code scanning
Quick turnaround
Cost-effective bug fixes
Helps to implement security as a process in day-to-day activities

**What do you dislike about Coverity?**

Speed in bug scanning
False alarms
Custom rules implementation
Cloud integration

**Recommendations to others considering Coverity:**

Cost and quality delta improvements

**What problems is Coverity solving and how is that benefiting you?**

Critical security flaws
Implement company-wide security controls

  ### 30. Excellent tool for static analysis and memory debugging

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Oil & Energy | Small-Business (50 or fewer emp.)

**Reviewed Date:** June 27, 2020

**What do you like best about Coverity?**

Identifying memory leaks, null dereference

**What do you dislike about Coverity?**

Coverity setup takes very long. Usability needs to be improved.

**What problems is Coverity solving and how is that benefiting you?**

Defects and vulnerabilities like memory leaks, dereference of null pointers, use of uninitialised data can be found out using coverity tool.

  ### 31. Nice overall security scanner

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 26, 2019

**What do you like best about Coverity?**

Its detection, its UI and its ability to kick out nice reports

**What do you dislike about Coverity?**

It did miss a few minor things when we compared against other scanners 

**Recommendations to others considering Coverity:**

Use Jenkins to scan the code both the raw code and also at compile time when it's pulling in all the libraries and dependencies.  Whenever a MR is submitted to Gitlab, it triggers a Jenkins job which will scan the raw code.  Whenever a Jenkins build is tagged as release candidate, Coverity gets pulled in after everything is downloaded and built/compiled/etc. 

**What problems is Coverity solving and how is that benefiting you?**

It picked up all the big ones and it picked up a lot more stuff overall than the other scanners. The stuff it picked up was legitimate also, not a lot of false positives/alerts, useless noise that didn't warrant attention.  We did a comprehensive analysis against multiple security scanners and spent 2 days comparing the scanning results of 4 different scanners against 4 different git repositories, aligning all the detections next to each other to see how they matched up, and in the end, Coverity won.

  ### 32. Very simple and powerful

**Rating:** 3.0/5.0 stars

**Reviewed by:** Verified User in Airlines/Aviation | Enterprise (> 1000 emp.)

**Reviewed Date:** June 03, 2020

**What do you like best about Coverity?**

Algorithms, dashboard and scan time

**What do you dislike about Coverity?**

No readme documents, tips should be attached with failure

**What problems is Coverity solving and how is that benefiting you?**

Static code, the quality of my code

  ### 33. Immediate help with errors and vulnerabilities in source codes

**Rating:** 3.5/5.0 stars

**Reviewed by:** Valerie R. | Information Technology Specialist, Information Technology and Services, Enterprise (> 1000 emp.)

**Reviewed Date:** July 22, 2018

**What do you like best about Coverity?**

It is a software with a very large utility. It is quite complete, meets all the features and functions promised from the beginning. It allows finding solutions to errors or problems in the source code quickly and safely.

**What do you dislike about Coverity?**

The interface makes the software use a little complicated, which is a bit annoying. In general, the software works excellently, without any inconvenience, all the reports so far are completely complete and detailed.

**Recommendations to others considering Coverity:**

Coverity is an indispensable tool for the website. It is fast and efficient, until now it has never failed us. It is really a useful and sustainable tool. I recommend that you try it and so you can receive all the great benefits.


**What problems is Coverity solving and how is that benefiting you?**

Coverity and its great functions has provided protection and immediate security to our website. Now with quick and detailed reports we can identify any error or vulnerability in the source code and thus, amend our error and find quick and immediate solutions. The website thanks to this is more protected from any errors, customers have noticed the difference, because we feel completely satisfied, with this great benefit that Coverity has brought to our work.

  ### 34. Fast and effective solutions to source code vulnerabilities

**Rating:** 4.5/5.0 stars

**Reviewed by:** Benjamin C. | Information Technology Specialist, Computer Software, Enterprise (> 1000 emp.)

**Reviewed Date:** August 13, 2018

**What do you like best about Coverity?**

There are many things that I can describe that are extraordinary in this software, significantly represents an effective use.

- It works quickly,
- Perform a thorough and accurate analysis.
- It allows large scale to find quick solutions.
- Ease of understanding of reports with detailed information on any threat or vulnerability that has the source code of my website.
- Complete tools, work fluidly.
- Its use is extremely simple.

**What do you dislike about Coverity?**

I feel that the interface is a little complicated to understand, it slows down the process and the analysis management. However I am attached to my opinion that despite all the software is complete and works perfectly.

**Recommendations to others considering Coverity:**

It is without a doubt an incredible software, with a lot of power and extremely necessary to take preventive measures against any threat that the source code or the website in general may have, so there may be quick solutions.
If you are worried about any threat or inconvenience with your source code, you will find Coverity. It provides complete and accurate reports that will undoubtedly help find the best possible solutions. If that is what you need, I definitely recommend this magnificent tool.

**What problems is Coverity solving and how is that benefiting you?**

The search for quick solutions to any threat, vulnerability or problem that the source code presents has been achieved thanks to Coverity, and that is not much to say. The preventive reports and analyses have helped us to correct any inconvenience. We managed to offer all customers a new website, renewed and with an excellent presence. They are great benefits.


  ### 35. streamlines work

**Rating:** 3.5/5.0 stars

**Reviewed by:** Samanta L. | Area Manager, Environmental Services, Enterprise (> 1000 emp.)

**Reviewed Date:** August 22, 2018

**What do you like best about Coverity?**

It is a very profitable platform to locate errors that can make the source code of a project very vulnerable, showing in a very simple and organized way the report of errors and likewise be able to correct them through the different tools that this software has and have a good security in the code.

**What do you dislike about Coverity?**

Sometimes bug reports show failures that are not entirely source code errors, making repairing the code a bit cumbersome since it could be a bug in this software. They should make the platform a little more interactive.

**Recommendations to others considering Coverity:**

Recommended for any type of project either extensive or short codes, since having a good code defined without failures makes work less frustrating when it comes to applying your work.

**What problems is Coverity solving and how is that benefiting you?**

Serious security flaws have been found due to the completeness of the codes; Coverity makes the work easier to detect vulnerability.

  ### 36. Solutions to different problems of source codes

**Rating:** 5.0/5.0 stars

**Reviewed by:** Ellena G. | Executive Director, Restaurants, Enterprise (> 1000 emp.)

**Reviewed Date:** May 11, 2018

**What do you like best about Coverity?**

What I like about this software is:
- Simple to use, it is not at all complicated to learn to use it.
- Quite complete, the features they have are practical and work very well.
- Provides reports of the complete information of the vulnerabilities and inconveniences that the source code of the page presents.
- Quick function.
- Deep analysis
- Help find systematic solutions.

**What do you dislike about Coverity?**

What I do not like is that the interface is a bit complex, in my opinion, what bothers me a little and interferes with my work as it makes the use of software more difficult. However until now all the reports have been very complete and accurate, I can not complain about how great it has worked so far.


**Recommendations to others considering Coverity:**

I recommend that you apply this software to your page and consult the complete reports that it provides; it offers the immediate results and details in an effective way all the problems that the source code may have. This allows you to find quick solutions that are beneficial to your company. Try it and you will see that you will not regret it.

**What problems is Coverity solving and how is that benefiting you?**

The main benefits are the search for quick solutions, thanks to Coverity the security of our website has increased due to the fact that errors and vulnerabilities in the source code have diminished. Now our product is presented in a much more attractive way which has improved our business in a much bigger way than we thought. Now all our clients are totally pleased.

  ### 37. Innovation of problem solutions for source codes

**Rating:** 5.0/5.0 stars

**Reviewed by:** Grace P. | Information Technology Manager, Enterprise (> 1000 emp.)

**Reviewed Date:** February 03, 2018

**What do you like best about Coverity?**

It is a quite simple software to use, it provides quite complete reports regarding the information of the problems found in the source code of my page. It is fast and authentic, the analysis is comprehensive, contributes in this way to find solutions quickly and easily to prevent future complications with the website.

**What do you dislike about Coverity?**

The interface is a little charged, which has made using it difficult and complicated to understand. Sometimes it has happened that the analysis throws some erroneous information and it has had to be inspected manually, this delays and complicates the work.

**Recommendations to others considering Coverity:**

Now the codings of the company will have a high quality thanks to this software, it is very useful because, anyone likes to be warned before any error occurs, and Coverity gives you that great possibility. You can find solutions to errors so that your codes will always be in good condition and your product will be free from unsafe faults.

**What problems is Coverity solving and how is that benefiting you?**

Many goals have been achieved, in my company both partners and colleagues feel that now our product is offered with a high quality. Now our security is quite good, it has allowed us to be able to do in depth analysis to avoid any vulnerability or error in the code to prevent any failure before offering our product.

  ### 38. The best quality for the analysis of the code.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Thania C. | Senior Vice President Marketing, Enterprise (> 1000 emp.)

**Reviewed Date:** January 13, 2018

**What do you like best about Coverity?**

I like how easy it is to use and the great capacity of immediate analysis that this software provides with respect to the source code. It explains quickly the errors and defects that the code can contain.

**What do you dislike about Coverity?**

There has been a small number of cases in which it gives a false alarm of error in the code, and complicates the work. Interface a bit complicated to use.

**Recommendations to others considering Coverity:**

It is a very useful software that will help to keep away from your codes the defects and any vulnerability that may exist, in this way you will find faster solutions and all your codifications will be of the best quality.

**What problems is Coverity solving and how is that benefiting you?**

It has benefited my work in the company because with this software it is now easier to find the defects and errors with their corresponding solutions to the source code, thus helping to make an exhaustive analysis before selling the product and implementing it. and quality to offer the best to our customers.

  ### 39. Coverity scan static analysis

**Rating:** 3.5/5.0 stars

**Reviewed by:** Susanna W. | Manager Marketing, Enterprise (> 1000 emp.)

**Reviewed Date:** December 23, 2017

**What do you like best about Coverity?**

It is effective when it comes to finding defects, errors and security vulnerabilities in the source code. The analysis of the corresponding code is effective which allows to correct the errors quickly in order to find solutions, thus representing a great utility for my company.

**What do you dislike about Coverity?**

In my opinion, the interface is a bit overloaded. It presents some faults when presenting the analysis of the codes and we had to redo the work of looking for defects because we found deficiency in the analysis of small errors.

**Recommendations to others considering Coverity:**

It is really useful to maintain the quality when you want to have a large and long-term project in which the equipment has different encodings, with the great help of Coverity it is possible to achieve the codification of all of them before existing vulnerabilities to achieve a clean and smooth job any error.

**What problems is Coverity solving and how is that benefiting you?**

Many things were achieved in my company, in which customers, colleagues and business partners are satisfied.
- Security risks have been avoided
- Ease of use of our product, also with a better quality
- Prevention of sending a bad job, thanks to the fact that we found the code defects before offering it.

  ### 40. Best Static Code analyzer

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** December 25, 2017

**What do you like best about Coverity?**

Coverity is the best static code analyzer. It's actually a beast with so many functionalities. It's a must-have tool for all enterprises. I like the following features the most.

- Nice Graphical interface
- Plugins/integration with different code repositories/build frameworks.
- SSO / LDAP integration to login.
- Not very tough to learn the controls.
- Detailed information for each defect.
- Generation of detailed Coverity reports
- Ability to filter / control various issues / defects.

**What do you dislike about Coverity?**

The entire Coverity system is not a simple product. You need to spend some time to get used to their controls and all the functionalities. Sometimes, we see a lot of false negatives in the static code analysis. Even after marking some defects as invalid, we still see the same issues again and again.

**What problems is Coverity solving and how is that benefiting you?**

The main use of Coverity is to do static code analysis. It helps to discover a lot of issues with the badly written code (buffer overflows, NULL de-reference, dangling pointer etc). This also helps to fix major security issues in the code which is very very important in the software development life cycle.

  ### 41. A great and excellent service

**Rating:** 4.5/5.0 stars

**Reviewed by:** Melanie T. | Director, Small-Business (50 or fewer emp.)

**Reviewed Date:** January 03, 2018

**What do you like best about Coverity?**

Excellent when it comes to long lines of code which is able to find fault in new software that is being created, it is fast and efficient when finding an error or security failure.

**What do you dislike about Coverity?**

More suggestions on how to solve the security bug and sometimes fail to want to upload a project.

**Recommendations to others considering Coverity:**

Recommended for new developers of any language that need to find a security flaw.

**What problems is Coverity solving and how is that benefiting you?**

I corrected bugs from an Android application and the tool found multiple bugs that made the application vulnerable.


  ### 42. Functional but duplicated information

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** July 17, 2018

**What do you like best about Coverity?**

The ability to separate bugs by types and different folders where the source code is located.

**What do you dislike about Coverity?**

There is a lot of duplicated information, and fake bugs that, depending on the compiler, seem to be an error or not.

**What problems is Coverity solving and how is that benefiting you?**

Checking code syntax error and possible memory leaks.

  ### 43. Comprehensive static analysis tool

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** July 08, 2018

**What do you like best about Coverity?**

The reports are easy to read and understand, helping you find and fix bugs quickly.

**What do you dislike about Coverity?**

It can take a bit of work to set up suitably for a given project.

**What problems is Coverity solving and how is that benefiting you?**

Automates the process of catching otherwise hard to detect bugs in software.

  ### 44. Best for finding security issues 

**Rating:** 3.5/5.0 stars

**Reviewed by:** Raju K. | Small-Business (50 or fewer emp.)

**Reviewed Date:** June 04, 2018

**What do you like best about Coverity?**

Security issues
Static dynamic code analysis 


**What do you dislike about Coverity?**

False positives are not detected properly with code analysis 

**What problems is Coverity solving and how is that benefiting you?**

Code reviews for early security bugs 

  ### 45. Well done service

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Small-Business (50 or fewer emp.)

**Reviewed Date:** July 30, 2018

**What do you like best about Coverity?**

The good technical service it offers, in less than 24h

**What do you dislike about Coverity?**

The user experience is a bit confusing if you're new

**What problems is Coverity solving and how is that benefiting you?**

Security issues we have everyday

  ### 46. Coverity

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Semiconductors | Enterprise (> 1000 emp.)

**Reviewed Date:** November 08, 2017

**What do you like best about Coverity?**

It scrutinizes code with somewhat blind logic and addresses weak points of the code. It is good at identifying vulnerable points and helps toward future proof coding. Automatic background run also makes its integration into code flow seamless. Code analysis and suggestion is quite amazing and accurate so helps the fix or improvement a lot.

**What do you dislike about Coverity?**

By nature, it runs blind test to many degree so usage based limits are not well honored. It's like double edge of sword so it is its own strong point but at the same time somewhat stubborn point also. Review or coordinated work support is one of lacking capability. It just has tracking capability currently.

**Recommendations to others considering Coverity:**

For longer term projects, across large group of teams with different coding level background, Coverity can be a great tool to maintain quality and plug possible vulnerable coding practice through thorough check.

**What problems is Coverity solving and how is that benefiting you?**

Robustness in code in general. Great help in achieving uniform coding quality across multiple team with diverse background. 

  ### 47. Detailed and Complete 

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 18, 2017

**What do you like best about Coverity?**

Specific feedback broken down to the line of code where the opportunity for improvement has been found. Can easily track which issues have been addressed and what the resolution was, or that code is as expected or otherwise won't be updated and it will quit flagging that issue.

**What do you dislike about Coverity?**

Adds overhead to the build, slowing them down a bit. I also understand that it is fairly expensive although I don't manage the budget so I just try to make good use of the results.

**Recommendations to others considering Coverity:**

We also considered using Visual Studio Team System tools, NAnt and SonarQube.

**What problems is Coverity solving and how is that benefiting you?**

Shipping code with fewer bugs. We also used it to evaluate changes from one compiler version to the next.

  ### 48. Great tool for finding code defects

**Rating:** 4.5/5.0 stars

**Reviewed by:** Bill C. | Mid-Market (51-1000 emp.)

**Reviewed Date:** December 12, 2017

**What do you like best about Coverity?**

Coverity was able to find code defects that other products were unable to find.
It was incorporated in our build easily and support was great.

**What do you dislike about Coverity?**

We hit a few defects when looking at our million+ lines of code project. Some were not code defects but flagged as defects. Others we would like to pass certain constructs without warning, but were unable.

**What problems is Coverity solving and how is that benefiting you?**

We were able to increase reliability of our product which made our customers very happy.

  ### 49. Coverity - Static Code Analysis Tool of Choice

**Rating:** 5.0/5.0 stars

**Reviewed by:** Benjamin C. | Director - Application Security, Computer Software, Enterprise (> 1000 emp.)

**Reviewed Date:** November 28, 2017

**What do you like best about Coverity?**

The 2017 version of Coverity scans the latest version of C++ and JavaScript (ES6) better than the other SAST tools.

**What do you dislike about Coverity?**

Coverity's licensing is based on the number of developers who work on a component that is scanned, rather than the number of developers who actually use the tool.

**What problems is Coverity solving and how is that benefiting you?**

Business problems being solved by using Coverity are to uncover security vulnerabilities in code before code is released. We have caught security vulnerabilities before code has been released to the livesite.

  ### 50. Good tool for static analysis

**Rating:** 4.0/5.0 stars

**Reviewed by:** Jim C. | Director of QA, Internet, Mid-Market (51-1000 emp.)

**Reviewed Date:** December 21, 2017

**What do you like best about Coverity?**

Very good for embedded development and very effective in detecting hard-to-find bugs. Very low false positive rate. 

**What do you dislike about Coverity?**

Analysis Result dashboard can be more user friendly.

**Recommendations to others considering Coverity:**

Useful for finding the corner cases and minute bugs

**What problems is Coverity solving and how is that benefiting you?**

It supports wide variety of platforms and with number of different compilers.


## Coverity Discussions
  - [What is Coverity used for?](https://www.g2.com/discussions/what-is-coverity-used-for)
  - [What is coverity connect?](https://www.g2.com/discussions/what-is-coverity-connect)
  - [How does Coverity Static Analysis work?](https://www.g2.com/discussions/how-does-coverity-static-analysis-work)
  - [What is Coverity report?](https://www.g2.com/discussions/what-is-coverity-report)
  - [What is Coverity software?](https://www.g2.com/discussions/what-is-coverity-software)


## Coverity Features
**Administration**
- API / Integrations
- Extensibility

**Documentation**
- Feedback
- Prioritization
- Remediation Suggestions

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Security**
- False Positives
- Custom Compliance
- Agility

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top Coverity Alternatives
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (138 reviews)
  - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) - 4.2/5.0 (32 reviews)
  - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) - 3.8/5.0 (24 reviews)

