Try our new research platform with insights from 80,000+ expert users

Coverity vs SonarQube Server (formerly SonarQube) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST)
5th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
SonarQube Server (formerly ...
Ranking in Static Application Security Testing (SAST)
1st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
116
Ranking in other categories
Application Security Tools (1st), Software Development Analytics (1st)
 

Mindshare comparison

As of August 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 7.0%, up from 6.9% compared to the previous year. The mindshare of SonarQube Server (formerly SonarQube) is 22.1%, down from 27.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
SonarQube Server (formerly SonarQube)22.1%
Coverity7.0%
Other70.9%
Static Application Security Testing (SAST)
 

Featured Reviews

Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…
Sthembiso Zondi - PeerSpot reviewer
Consistent improvements in code quality and security with effective integration and reliable technical support
The features of SonarQube Server (formerly SonarQube) that I find most useful are the suggestions received from reviewing the code. When they review the code, they provide suggestions on how to fix it, and we find those very useful from a development perspective. We use SonarQube Server's (formerly SonarQube) centralized management and visualization of code quality metrics on the dashboard because that's the executive dashboard that we send to the executives to show where we are in terms of quality, security, and where the company can improve. We use that for organizational improvement purposes. The ability to tailor metrics tracking in SonarQube Server (formerly SonarQube) has been beneficial to my team. There are team-specific dashboards which are related to specific repositories they utilize, and we have that aggregative dashboard that shows the whole organization's performance. We can drill down per specific repository, which makes it easier for the team to improve specific things.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The app analysis is the most valuable feature as I know other solutions don't have that."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations"
"Coverity is scalable."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"It provides reports about a lot of potential defects."
"It easily ties into our continuous integration pipeline."
"SonarQube is one of the more popular solutions because it supports 29 languages."
"Offers multi-programming language support"
"It is very good at identifying technical debt."
"Provides local scanning for developers."
"SonarQube is good in terms of code review and to report on basic vulnerabilities in your applications."
"Before you even compile, it can catch known vulnerability issues or patterns."
"The solution has a plug-in that supports both C and C++ languages."
 

Cons

"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"The price is a concern, and there are a lot of false positives coming through."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"Coverity takes a lot of time to dereference null pointers."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"Coverity concerns its dashboards and reporting."
"It would be great if we could customize the rules to focus on critical issues."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
"In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."
"One thing to improve would be the integration. There is a steep learning curve to get it integrated."
"Any suggestions for potential improvements may include bill of materials functionality."
"I would like to see improvements in defining the quality sets of rules and the quality to ensure code with low-performance does not end up in production."
"I have found this solution creates more noise than competitors."
"We could use some team support, but since we are using the community version, it's not available."
 

Pricing and Cost Advice

"I would rate the tool's pricing a one out of ten."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"Coverity’s price is on the higher side. It should be lower."
"I would rate the pricing a six out of ten, where one is low, and ten is high price."
"The licensing fees are based on the number of lines of code."
"The solution is affordable."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"The solution's pricing is comparable to other products."
"The solution has a free version and a license version. The license is priced reasonably, the cost of hiring one programmer is more expensive than the solution."
"The beauty of this solution is the free open-source version is capable enough in doing pretty much what an enterprise-level version can do."
"There is both a free and licensed version. The free version has limitations on development languages and support."
"Get the paid version which allows the customized dashboard and provides technical support."
"SonarQube is a cost-effective solution."
"It's an open-source solution, with no additional costs."
"We're using their free Community Edition version."
"We are using the free, unlicensed version."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
866,218 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
6%
Government
4%
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
13%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise6
Large Enterprise31
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise21
Large Enterprise74
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
Is SonarQube the best tool for static analysis?
I am not very familiar with SonarQube and their solutions, so I can not answer. But if you are asking me about which tools that are the best for for Static Code Analysis, I suggest you have a look...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
 

Also Known As

Synopsys Static Analysis
Sonar
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Information Not Available
Find out what your peers are saying about Coverity vs. SonarQube Server (formerly SonarQube) and other solutions. Updated: July 2025.
866,218 professionals have used our research since 2012.