Try our new research platform with insights from 80,000+ expert users

Coverity vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST)
4th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
42
Ranking in other categories
No ranking in other categories
SonarQube Server (formerly ...
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
114
Ranking in other categories
Application Security Tools (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of April 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 8.0%, up from 7.0% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 26.7%, down from 28.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Offers impressive reporting features with user-friendliness and high scalability
The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.
Wang Dayong - PeerSpot reviewer
Easy to integrate and has a plug-in that supports both C and C++ languages
The product provides false reports sometimes. It also fails to understand the context of the code. It reports that a line of code has issues without considering its relation with the previous line. The product should improve the report quality. While it asks us to improve the code quality, it would be good if it also suggests how to improve the quality.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is a scalable solution."
"Coverity is scalable."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The security analysis features are the most valuable features of this solution."
"The reporting feature is up to the mark."
"The solution has improved our code quality and security very well."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"Coverity is easy to use and easy to integrate with CI."
"The freemium version of SonarQube Server offers excellent value, especially compared to the high costs of Snyk."
"This solution has helped with the integration and building of our CICD pipeline."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"We advise all of our developers to have this solution in place."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"The product is simple."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"When comparing other static code analysis tools, SonarQube has fewer false-positive issues being reported. They have a lot of support for different tech stacks. It covers the entire developer community which includes Salesforce or it could be the regular Java.net project. It has actually sufficed all the needs in one tool for static code analysis."
 

Cons

"Coverity is not stable."
"The solution needs to improve its false positives."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"Its price can be improved. Price is always an issue with Synopsys."
"Coverity takes a lot of time to dereference null pointers."
"Zero-day vulnerability identification can be an add-on feature that Coverity can provide."
"In terms of what can be improved, the areas that need more attention in the solution are its architecture and development."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"The solution could improve by having better-consulting services."
"Code security could be better. They are already focusing on it, but I see a lot of improvement opportunities over there. I can see a lot of false positives in terms of security. They need to make the tests more accurate so that the false positives are not detected so frequently. It would also help if they provided us with an installer."
"The documentation is not clear and it needs to be updated."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues."
"The handling of the contents of Docker container images could be better."
 

Pricing and Cost Advice

"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"Coverity’s price is on the higher side. It should be lower."
"Coverity is very expensive."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"The licensing fees are based on the number of lines of code."
"The price is competitive with other solutions."
"The tool was fairly priced."
"A low cost long-term solution for non-critical situations."
"I do not know about the pricing as I am using the community edition, which is free. But I compared the pricing with Sigma, and it is higher than SonarQube."
"I think comparing the product to competitors it should be less expensive."
"As a user and a consumer of this solution, it can be pricey for my company to support and use, even though there are many benefits. For this reason, we use the free version. In the future, as our product cycles develop and evolve at a more steady pace, we hope to invest in the licensing for this tool."
"Can try developer version for 14 days on the free trial."
"It's an open-source product."
"The beauty of this solution is the free open-source version is capable enough in doing pretty much what an enterprise-level version can do."
"People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
845,589 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
33%
Computer Software Company
14%
Financial Services Firm
7%
Government
4%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
 

Also Known As

Synopsys Static Analysis
Sonar
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Information Not Available
Find out what your peers are saying about Coverity vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: April 2025.
845,589 professionals have used our research since 2012.