Try our new research platform with insights from 80,000+ expert users

Coverity vs SonarQube Cloud (formerly SonarCloud) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST)
4th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
42
Ranking in other categories
No ranking in other categories
SonarQube Cloud (formerly S...
Ranking in Static Application Security Testing (SAST)
8th
Average Rating
8.2
Reviews Sentiment
6.6
Number of Reviews
13
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 8.0%, up from 7.0% compared to the previous year. The mindshare of SonarQube Cloud (formerly SonarCloud) is 6.6%, down from 6.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Offers impressive reporting features with user-friendliness and high scalability
The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.
Archana Verma - PeerSpot reviewer
Provides valuable insights on code vulnerabilities and integrates seamlessly with CI/CD pipelines
I find SonarQube Cloud to be very user-friendly with an easy-to-use interface. It provides detailed code smell reports and insights on hotspots, which can later represent security vulnerabilities. It gives precise reports compared to Coverity and has a slightly lower number of false positives. It is integrated easily with the CI/CD pipeline, saving time and cost. It provides information on upcoming vulnerability details and loopholes that might turn into vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"Coverity is easy to use and easy to integrate with CI."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"It's very stable."
"The reports from SonarCloud are very good."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"I find SonarQube Cloud to be very user-friendly with an easy-to-use interface."
"I find SonarQube Cloud to be very user-friendly with an easy-to-use interface."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The solution can be installed locally."
 

Cons

"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"Its price can be improved. Price is always an issue with Synopsys."
"I had tried integrating the tool with Azure DevOps, but the report I got stated that my team faced many challenges."
"The reporting tool integration process is sometimes slow."
"Coverity is not stable."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Some features are not performing well, like duplicate detection and switch case situations."
"Coverity concerns its dashboards and reporting."
"The solution needs to improve its customization and flexibility."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
"The UI can be improved."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"We had some issues with the scanner."
"SonarQube Cloud could improve its vulnerability detection compared to Veracode. Additionally, it has fewer capabilities, which prompted us to use Veracode."
 

Pricing and Cost Advice

"Coverity is very expensive."
"I would rate the tool's pricing a one out of ten."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"The pricing is on the expensive side, and we are paying for a couple of items."
"I would rate the pricing a six out of ten, where one is low, and ten is high price."
"It is expensive."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
"The licensing fees are based on the number of lines of code."
"I rate the pricing a five out of ten."
"The price of SonarCloud could be less expensive. We are using the community version and the price should be more reasonable."
"Previously, the pricing was 17,000 euros for five million lines analyzed. However, they now charge $15,000 per one million lines, significantly increasing the cost."
"The current pricing is quite cheap."
"While not extremely cheap, it aligns well with market standards and offers good value."
"I am using the free version of the solution."
"The price of SonarCloud is not expensive, it goes by the lines of code. 1 million lines per code are approximately 4,000 USD per year. If you need 2 million lines of code you would double the annual cost."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
845,589 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
33%
Computer Software Company
14%
Financial Services Firm
7%
Government
4%
Computer Software Company
18%
Financial Services Firm
10%
Manufacturing Company
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
What do you like most about SonarCloud?
Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service.
What is your experience regarding pricing and costs for SonarCloud?
From what I understand, SonarQube Cloud is roughly equivalent in cost to Veracode, maybe a little cheaper.
What needs improvement with SonarCloud?
SonarQube Cloud could improve its vulnerability detection compared to Veracode. Additionally, it has fewer capabilities, which prompted us to use Veracode.
 

Also Known As

Synopsys Static Analysis
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Information Not Available
Find out what your peers are saying about Coverity vs. SonarQube Cloud (formerly SonarCloud) and other solutions. Updated: April 2025.
845,589 professionals have used our research since 2012.