Try our new research platform with insights from 80,000+ expert users
Coverity Logo

Coverity Reviews

Vendor: Black Duck
3.9 out of 5
Leave a review

What is Coverity?

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

Get the Coverity Buyer's Guide and find out what your peers are saying about Coverity, SonarQube Server (formerly SonarQube), GitLab and more!
Coverity is the #5 ranked solution in AST tools. PeerSpot users give Coverity an average rating of 7.8 out of 10. Coverity is most commonly compared to SonarQube Server (formerly SonarQube): Coverity vs SonarQube Server (formerly SonarQube). Coverity is popular among the large enterprise segment, accounting for 75% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 32% of all views.
Buyer's Guide
Coverity
August 2025
Get the report
Helped 866,218 peers since 2012

Featured Coverity reviews

Read more reviews

Coverity mindshare

As of August 2025, the mindshare of Coverity in the Static Application Security Testing (SAST) category stands at 7.0%, up from 6.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Coverity7.0%
SonarQube Server (formerly SonarQube)22.1%
Checkmarx One10.0%
Other60.9%
Static Application Security Testing (SAST)

PeerResearch reports based on Coverity reviews

TypeTitleDate
CategoryStatic Application Security Testing (SAST)Aug 29, 2025Download
ProductReviews, tips, and advice from real usersAug 29, 2025Download
ComparisonCoverity vs SonarQube Server (formerly SonarQube)Aug 29, 2025Download
ComparisonCoverity vs VeracodeAug 29, 2025Download
ComparisonCoverity vs Checkmarx OneAug 29, 2025Download
Suggested products
TitleRatingMindshareRecommending
SonarQube Server (formerly SonarQube)4.022.1%81%116 interviewsAdd to research
GitLab4.22.4%97%85 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Valuable features of Coverity include low false positive rates, faster scanning, inline context-sensitive help, and great integration with CI/CD tools. Coverity excels in security analysis, vulnerability identification, interprocedural analysis, and customizable triage. The ability to publish analysis results, provide extensive reports, contributing event features, and seamless integration with Jenkins, GitLab, SonarQube, and diverse deployment options enhance its utility. Coverity's user-friendly interface and detailed remediation guidance further enrich development speed and code quality improvement.
  • "Coverity provides excellent compliance and other features, which is a very good part."
  • "Coverity is easy to use and easy to integrate with CI."
  • "Coverity is easy to use and easy to integrate with CI."

Room for Improvement

Coverity users highlight the need for a more dynamic reporting engine with better customization capabilities. Complexity in user interface design and limited integration with popular IDEs are notable concerns. The system's performance and price are also called into question, alongside challenges with handling false positives and providing accurate feature coverage. Improved support for dynamic scanning and enhanced integration with external analytics tools like SonarQube and Git are often requested by the community.
  • "The price is a concern, and there are a lot of false positives coming through."
  • "There is an extra step in my organization that involves uploading to servers, which adds overhead."
  • "Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks."

ROI

Organizations experienced an ROI from Coverity, which increased staff productivity by around 20%. They also valued the IDE plugin for its ability to detect defects early in development, saving costs. Coverity's defect identification before QA or staging led to long-term value. Some users emphasized its role in enhancing security for client products. While not every company saw a sufficient ROI, many appreciated Coverity’s benefits and continued its use over the years.

Pricing

Enterprise buyers find Coverity's pricing expensive, with licenses based on user count. Many suggest pricing based on code lines would be more cost-effective for large developer teams. The yearly licensing model can be competitive, though it is often seen as on the higher side. Some users find the cost reasonable, especially with multi-year agreements. Others highlight the pricing's flexibility when considering various usage scenarios, yet there are concerns about the affordability for acquiring more licenses.
  • "The solution's pricing is comparable to other products."
  • "Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
  • "I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."

Popular Use Cases

Organizations primarily utilize Coverity for static code analysis, raising code quality, security, and robustness, especially during integration and development phases. It is often deployed on-premises for auditing, code security, and vulnerability detection. Coverity aids in identifying software bugs, memory leaks, and synchronization issues, supporting various programming languages such as Java, C, and C++. The tool integrates with CI/CD pipelines, helping mitigate security risks early in the software development lifecycle.

Service and Support

Coverity customer service is friendly and responsive, though response times can vary. Technical support is knowledgeable and effective, with premium options available for 24/7 assistance. Users rate technical support positively, with scores typically between seven to nine out of ten. Some express satisfaction with quick responses and helpfulness, while others mention occasional delays or less experienced representatives. Coverage includes email, call, WebEx, and Zoom support, with custom patches provided when needed.

Deployment

Coverity's initial setup is generally seen as straightforward, though some users find it complex due to integration challenges and missing features. Installation varies in duration, from a few minutes to several weeks, depending on specific environments and integrations. The setup for Windows tends to be simpler compared to Linux. Users appreciate the documentation provided, yet they suggest improvements in addressing practical installation details and illustrative examples. Maintenance is often viewed as manageable with vendor support.

Scalability

Users express that Coverity is scalable, performing well for various user counts and integration needs. It receives ratings ranging from good to excellent in scalability. Scaling can require additional hardware or cloud resources. Organizational sizes vary, with some using it across hundreds or thousands of users. Licensing costs may influence scaling decisions. Users recommend the use of containers for better scalability, while integration with CI/CD tools aids effectiveness.

Stability

Coverity is generally stable, with good performance and minimal issues. It's robust and reliable, having been in the industry for decades. Some noted occasional slowdowns during large projects or cloud setups, but these were infrequent. Users rate its stability highly, often around eight or nine out of ten. While some fixes and tuning are occasionally needed for updates, it consistently meets organizational needs without frequent OS configuration changes.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Coverity Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business8
Midsize Enterprise5
Large Enterprise22
By reviewers
By visitors reading reviews
Company SizeCount
Small Business398
Midsize Enterprise311
Large Enterprise2144
By visitors reading reviews

Top industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
6%
Government
4%
Healthcare Company
3%
Aerospace/Defense Firm
3%
Retailer
3%
Comms Service Provider
3%
University
3%
Educational Organization
3%
Media Company
3%
Consumer Goods Company
2%
Transportation Company
2%
Real Estate/Law Firm
2%
Construction Company
2%
Non Profit
2%
Insurance Company
2%
Wholesaler/Distributor
1%
Engineering Company
1%
Energy/Utilities Company
1%
Outsourcing Company
1%
Legal Firm
1%
Hospitality Company
1%
Performing Arts
1%
Recreational Facilities/Services Company
1%
Logistics Company
1%
Pharma/Biotech Company
1%

Compare Coverity with alternative products

Go!

Learn more about Coverity

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.

Coverity was previously known as Synopsys Static Analysis.

Coverity customers

SAP, Mega International, Thales Alenia Space

Related questions

  • 127
What is the difference between Coverity and SonarQube?
  • 47
What is the biggest difference between Coverity and SonarQube?
  • 775
How would you decide between Coverity and Sonarqube?
  • 11
What Application Security Solution Do You Use That Is DevOps Friendly?
  • 16
Which is the most comprehensive open source Web Security Testing tool?
  • 68
What is the best Application Security Testing platform?
  • 9
When evaluating Application Security Testing, what aspect do you think is the most important to look for?
  • 23
SAST vs. DAST: Which is better for application security testing?
  • 34
What tools do you rely on for building a DevSecOps pipeline?
  • 40
What does the Log4j/Log4Shell vulnerability mean for your company?

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Coverity Logo
SonarQube Server (formerly SonarQube) vs Coverity
GitLab vs Coverity Logo
GitLab vs Coverity
Snyk vs Coverity Logo
Snyk vs Coverity
Checkmarx One vs Coverity Logo
Checkmarx One vs Coverity
Veracode vs Coverity Logo
Veracode vs Coverity
OpenText Core Application Security vs Coverity Logo
OpenText Core Application Security vs Coverity
OWASP Zap vs Coverity Logo
OWASP Zap vs Coverity
SonarQube Cloud (formerly SonarCloud) vs Coverity Logo
SonarQube Cloud (formerly SonarCloud) vs Coverity
Acunetix vs Coverity Logo
Acunetix vs Coverity
HCL AppScan vs Coverity Logo
HCL AppScan vs Coverity
PortSwigger Burp Suite Professional vs Coverity Logo
PortSwigger Burp Suite Professional vs Coverity
Qualys Web Application Scanning vs Coverity Logo
Qualys Web Application Scanning vs Coverity
Klocwork vs Coverity Logo
Klocwork vs Coverity
Semgrep vs Coverity Logo
Semgrep vs Coverity
Invicti vs Coverity Logo
Invicti vs Coverity
See all alternatives
 
Coverity Reviews Summary
Author infoRatingReview Summary
Lead Information Security at GEP Worldwide at ReBIT4.5I use Coverity for code scanning to identify security vulnerabilities early in the development phase. Its valuable feature is the IDE plugin for real-time security checks. Improvement could include detecting zero-day vulnerabilities. Coverity is more user-friendly and feature-rich compared to alternatives like Checkmarx.
Senior Software Architect at a tech vendor with 10,001+ employees4.0We use Coverity to detect software bugs and memory leaks in C++ and C# projects, valuing its interprocedural analysis capabilities. Despite its slow implementation and high license cost, it offers better security analysis compared to SonarQube.
Software Engineering Manager at Visteon Corporation4.0I use Coverity in my company for its excellent compliance features, but its high price and frequent false positives are concerns. The support takes too long, so we switched to a more cost-effective platform that better suits our needs.
Software Quality Expert at Endress+Hauser AG3.0Coverity excels in identifying critical vulnerabilities with its detailed analysis but struggles with submodule automation. Its interface is less intuitive than SonarQube’s, yet its analysis quality is superior. Improved usability and responsiveness, especially for C++, would enhance its appeal.
Information Security Analyst at Banglalink4.5Coverity allows me to implement security benchmarks and identify code issues before production. Its user-friendly interface and reporting are valuable, though updates to reflect current OWASP standards are needed. I found it more user-friendly than other solutions during evaluation.
Senior Solutions Architect at Telstra4.0I work on multiple projects, and Coverity provides robust security, quality checks, and efficient disk space usage compared to CodeSonar. Its excellent integration with IDEs and CI/CD tools enhances shift-left testing while reducing defect identification costs.
Software Engineer at a manufacturing company with 10,001+ employees3.5I use Coverity for static code analysis to enhance security, finding it easy to integrate with CI. Despite some server upload overhead and initial reporting challenges, it offers good scalability and straightforward deployment.
Technical Architect at Elastic Care Inc5.0I used Coverity to perform security scans on our healthcare application to meet FDA requirements, which effectively identified vulnerabilities and integrated well with CI/CD. However, it needs customization for prioritizing issues to focus on critical ones.