I like that Coverity Scan is free for open-source projects. In fact, I have not used the tool for production reasons, but rather for study/education/research purposes. We carried out a benchmarking of Static Analysis Security Testing tools for research purposes, from the perspective of a tool being able to produce alerts meaningful for software developers. And I can say that Coverity demonstrated itself as a very good tool. Review collected by and hosted on G2.com.
There is nothing particular about Coverity that I dislike. Maybe only that there is no free version for educational reasons.
The best part is the UI.
Very detailed code review, considering every parameter so the code looks efficient and safe.
Fast and easy to use.
Installation and configuration require expertise in deployment of the application.
Being able to cluster the Coverity server was very helpful. We had 3 development centers around the world, and with clustering we were able to lessen the impact on the remote developers as well as consolidate the issue ids. This allowed us to have centralized reporting regarding the status of projects.
One of my initial dislikes was the lack of MISRA coverage, but as our usage went along, Coverity added the MISRA checking that could be analyzed.
I worked for the company so I may be biased. That said, the customers who used it were happy with how well it worked, the depth of the analysis, and how few false positives were given.
This is compiler-level analysis, so for 50 million lines of code it takes time. The results are worth it.
Coverity Scan is used for static code analysis of Open Source projects. It can analyze C, C++ and Java code.
Coverity’s static code analysis doesn’t run the code. Instead, it uses abstract interpretation to gain information about the code’s control flow and data flow. It’s able to follow all possible code paths that a program may take. For example, the analyzer understands that malloc() returns memory that must be freed with free() later. It follows all branches and function calls to see if all possible combinations free the memory. The analyzer is able to detect all sorts of issues like resource leaks (memory, file descriptors), NULL dereferencing, use after free, unchecked return values, dead code, buffer overflows, integer overflows, uninitialized variables, and many more.
Sometimes it may not be accurate. There might be false positives.
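The review above describes the analyzer following every branch to check that memory returned by malloc() is released on each path. The following C program is an added example, not Coverity's code or output: it shows the defect pattern that kind of path-sensitive analysis reports (a buffer allocated but not freed on an early-return branch) beside the corrected form. The tracking allocator (`tracked_malloc`/`tracked_free`, names assumed) and the sample records are constructed for this example so that the leak is observable when the program runs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical tracking allocator (part of this added example, not a
 * Coverity facility): it counts live allocations so that a leak on one
 * branch becomes observable from a test or a main() run. */
static int live_allocations = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL) live_allocations++;
    return p;
}

static void tracked_free(void *p) {
    if (p != NULL) live_allocations--;
    free(p);
}

/* Constructed input format for the examples: a "key=value" record.
 * Both parsers return 1 when the record contains '=' and 0 otherwise. */

/* Leaky version: on the malformed-record branch the function returns
 * before releasing buf. A path-sensitive analyzer walking both outcomes
 * of the strchr() test reports exactly this: one path allocates and
 * never frees. */
int parse_record_leaky(const char *record) {
    char *buf = tracked_malloc(32);
    if (buf == NULL) return 0;
    strncpy(buf, record, 31);
    buf[31] = '\0';
    if (strchr(buf, '=') == NULL) {
        return 0;              /* defect: buf is not freed on this path */
    }
    tracked_free(buf);
    return 1;
}

/* Fixed version: the result is computed first and there is a single
 * release point, so every path that allocates also frees. */
int parse_record_fixed(const char *record) {
    int ok = 0;
    char *buf = tracked_malloc(32);
    if (buf == NULL) return 0;
    strncpy(buf, record, 31);
    buf[31] = '\0';
    if (strchr(buf, '=') != NULL) ok = 1;
    tracked_free(buf);
    return ok;
}

/* Runs a parser over constructed sample records and returns how many
 * allocations are still live afterwards; 0 means nothing leaked. */
int leaked_after(int (*parse)(const char *)) {
    static const char *samples[] = { "user=alice", "malformed", "port=443" };
    size_t i;
    live_allocations = 0;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        (void)parse(samples[i]);
    return live_allocations;
}

int main(void) {
    printf("leaky parser leaves %d allocation(s) live\n",
           leaked_after(parse_record_leaky));
    printf("fixed parser leaves %d allocation(s) live\n",
           leaked_after(parse_record_fixed));
    return 0;
}
```

The leaky parser loses one allocation for the malformed sample, which is the branch a static analyzer flags without running the program; restructuring to a single release point, as in the fixed parser, is the usual remediation and also makes the defect disappear from the report.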
Organised way of keeping defect records and quite thorough coverage of code defects like memory leakage, unused variables, etc.
Good for CI/CD implementation.
Best for very large amounts of code and reduces manpower consumption significantly.
Not much coverage for TypeScript and JavaScript.
Its manual can be enhanced by adding more practical commands and real-time images.
I was there pretty early and the people were great - made some of my best friendships. Also, it was a new tech and a new way of helping coders.
As the company grew, new management came in and the culture changed from what we knew. It wasn't "bad", but it was different. Most people complain about changing culture, so nothing shocking to report :)
The way Coverity generates the report for various issues like "possible leak" or "variable going out of scope" helps in fixing the issues which developers would have introduced due to quick fixes in the code.
Some of the issues reported by Coverity will be false positives; the tool can be improved in those areas, and I would also like Coverity to add support for run-time code analysis.
That it supports languages like C/C++, which most of the commercial tools don't support.
What I didn't like was tracing down the issues in the source code file. Also, the user interface can be better.
Passive code scanning
Quick turnaround
Cost-effective bug fixes
Helps to implement security as a process in day-to-day activities
Speed in bug scanning
False alarms
Custom rules implementation
Cloud integration
It is a piece of software with very wide utility. It is quite complete and meets all the features and functions promised from the beginning. It allows finding solutions to errors or problems in the source code quickly and safely.
The interface makes using the software a little complicated, which is a bit annoying. In general, the software works excellently, without any inconvenience; all the reports so far have been complete and detailed.
There are many things that I can describe that are extraordinary in this software, which significantly represents an effective use.
- It works quickly,
- Performs a thorough and accurate analysis.
- It allows finding quick solutions at large scale.
- Ease of understanding of reports, with detailed information on any threat or vulnerability in the source code of my website.
- Complete tools that work fluidly.
- Its use is extremely simple.
I feel that the interface is a little complicated to understand; it slows down the process and the analysis management. However, I hold to my opinion that, despite everything, the software is complete and works perfectly.
It is a very profitable platform for locating errors that can make the source code of a project very vulnerable, showing the report of errors in a very simple and organized way, and likewise making it possible to correct them through the different tools that this software has and to have good security in the code.
Sometimes bug reports show failures that are not entirely source code errors, making repairing the code a bit cumbersome since it could be a bug in this software. They should make the platform a little more interactive.
What I like about this software is:
- Simple to use, it is not at all complicated to learn to use it.
- Quite complete, the features they have are practical and work very well.
- Provides reports of the complete information of the vulnerabilities and inconveniences that the source code of the page presents.
- Quick function.
- Deep analysis
- Helps find systematic solutions.
What I do not like is that the interface is a bit complex, in my opinion, which bothers me a little and interferes with my work as it makes the use of the software more difficult. However, until now all the reports have been very complete and accurate; I cannot complain about how great it has worked so far.
It is quite simple software to use, and it provides quite complete reports regarding the information on the problems found in the source code of my page. It is fast and authentic, and the analysis is comprehensive, contributing in this way to finding solutions quickly and easily to prevent future complications with the website.
The interface is a little charged, which has made using it difficult and complicated to understand. Sometimes it has happened that the analysis throws out some erroneous information and it has had to be inspected manually; this delays and complicates the work.
I like how easy it is to use and the great capacity for immediate analysis that this software provides with respect to the source code. It quickly explains the errors and defects that the code can contain.
There have been a small number of cases in which it gives a false alarm of an error in the code, which complicates the work. The interface is a bit complicated to use.
It is effective when it comes to finding defects, errors and security vulnerabilities in the source code. The analysis of the corresponding code is effective, which allows correcting the errors quickly in order to find solutions, thus representing a great utility for my company.
In my opinion, the interface is a bit overloaded. It presents some faults when presenting the analysis of the code, and we had to redo the work of looking for defects because we found deficiencies in the analysis of small errors.
Coverity is the best static code analyzer. It's actually a beast with so many functionalities. It's a must-have tool for all enterprises. I like the following features the most.
- Nice Graphical interface
- Plugins/integration with different code repositories/build frameworks.
- SSO / LDAP integration to login.
- Not very tough to learn the controls.
- Detailed information for each defect.
- Generation of detailed Coverity reports
- Ability to filter / control various issues / defects.
The entire Coverity system is not a simple product. You need to spend some time to get used to its controls and all the functionalities. Sometimes, we see a lot of false negatives in the static code analysis. Even after marking some defects as invalid, we still see the same issues again and again.
Excellent when it comes to long lines of code; it is able to find faults in new software that is being created, and it is fast and efficient at finding an error or security failure.
More suggestions on how to solve the security bug would help, and sometimes it fails to upload a project.