Try our new research platform with insights from 80,000+ expert users

Coverity vs SonarQube Cloud (formerly SonarCloud) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST)
5th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
10th
Average Rating
8.2
Reviews Sentiment
6.2
Number of Reviews
16
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of August 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 7.0%, up from 6.9% compared to the previous year. The mindshare of SonarQube Cloud (formerly SonarCloud) is 4.5%, down from 6.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…
Archana Verma - PeerSpot reviewer
Provides valuable insights on code vulnerabilities and integrates seamlessly with CI/CD pipelines
I find SonarQube Cloud to be very user-friendly with an easy-to-use interface. It provides detailed code smell reports and insights on hotspots, which can later represent security vulnerabilities. It gives precise reports compared to Coverity and has a slightly lower number of false positives. It is integrated easily with the CI/CD pipeline, saving time and cost. It provides information on upcoming vulnerability details and loopholes that might turn into vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"What I find most effective about Coverity is its low rate of false positives. I've seen other platforms with many false positives, but with Coverity, most vulnerabilities it identifies are genuine. This allows me to focus on real issues."
"The most valuable feature is the integration with Jenkins."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"Coverity integrates with issue-tracking systems like Jira and provides email notifications, alerts, and other features."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The SaaS solution for checking code without execution and dealing with security issues is valuable."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"For what it is meant to do, it works pretty well."
"I find SonarQube Cloud to be very user-friendly with an easy-to-use interface."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"I find SonarQube Cloud very easy to use and simple to integrate initially."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"The most valuable features of SonarQube Cloud (formerly SonarCloud) include code inspection, addressing technical debt, and identifying security vulnerabilities."
 

Cons

"Coverity takes a lot of time to dereference null pointers."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"The quality of the code needs improvement."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"Coverity concerns its dashboards and reporting."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"We had some issues with the scanner."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"SonarCloud's UI needs enhancement."
"SonarQube Cloud could improve its vulnerability detection compared to Veracode. Additionally, it has fewer capabilities, which prompted us to use Veracode."
"It would be helpful if notifications could go out to an extra person."
"I need a solution that can bring together three key areas: vulnerabilities, static scanning, and misarchitecture. Currently, to achieve our expectations, we have to use more than one product, as some products excel at scanning for vulnerabilities but are poor at checking code quality."
"SonarQube Cloud could improve its vulnerability detection compared to Veracode."
"Reporting features are missing in SonarCloud."
 

Pricing and Cost Advice

"The tool was fairly priced."
"The licensing fees are based on the number of lines of code."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"Coverity is very expensive."
"Coverity is quite expensive."
"Coverity’s price is on the higher side. It should be lower."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
"I would rate the pricing a six out of ten, where one is low, and ten is high price."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"I rate the pricing a five out of ten."
"The current pricing is quite cheap."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
"While not extremely cheap, it aligns well with market standards and offers good value."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"I am using the free version of the solution."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
865,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
6%
Government
4%
Computer Software Company
17%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
From my experience, SonarQube Cloud (formerly SonarCloud) is very expensive for small companies. It would be a great improvement if the price for smaller companies were reduced, as I do not have th...
What needs improvement with SonarCloud?
I need a solution that can bring together three key areas: vulnerabilities, static scanning, and misarchitecture. Currently, to achieve our expectations, we have to use more than one product, as so...
 

Also Known As

Synopsys Static Analysis
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Information Not Available
Find out what your peers are saying about Coverity vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: July 2025.
865,295 professionals have used our research since 2012.