Coverity Reviews

We did a comprehensive evaluation on a number of critical parameters in the environment that we are in. Other popular tools that we evaluated failed to meet our expectations.

• Ease of development teams to adopt.
• Faster scanning
• Lowest false positives
• No unnecessary bloating of a huge defect list.

These have helped us to focus on the things which need attention.

• Lowest false positive rate
  
• Faster scanning time
• Inline context-sensitive help and other supportive artifacts which help developers.
• Customizable triage options
• Integrations with CI/CD tools, etc.

• Reporting engine needs to be more robust.
• Custom reporting is a must have.
• Perhaps, the availability of connectors to popular open source BI tools, such as BIRT, JasperReports, or Pentaho may add value.

We are working on medical devices, and the code base is written in C++. We use Coverity to find the vulnerability in those C++ codes.

Coverity is easy to set up and has a less lengthy process to find vulnerabilities.

The solution's user interface and quality gate could be improved.

I have been using Coverity for four months.

Coverity has good stability.

I rate Coverity more than eight out of ten for stability.

Around 20 to 25 developers use Coverity in our organization.

I rate Coverity a seven to eight out of ten for scalability.

We use SonarQube for Java-based projects and Coverity for C and C++-based projects.

The solution’s initial setup is simple.

Overall, I rate Coverity a seven out of ten.

We use the solution to scan the static code and identify vulnerabilities. We can verify the rules and scripting during various applications' implementation processes.

The solution has a low false positive rate compared to other vendors. Also, it can scan complex codes. In addition, it has the best features for trial analysis, integration, and language support.

Sometimes, vulnerabilities are not identified even after setting up the automated scanning rules. They should include a feature combining automated scanning tools with manual code reviews for better output.

I have been using the solution for five years.

I rate the solution's stability a nine out of ten.

It is a scalable solution. We can quickly scan around 100 DLS using it. I rate its scalability a nine.

I interact with the solution's technical support team in terms of tuning the tool and improvements. They acknowledge the emails and respond to them quickly.

Positive

The solution integrates well with different tools. Thus, its setup process is relatively straightforward.

The solution is affordable. I rate its pricing a six out of ten.

I recommend the solution to others and rate it a ten.