No more typing reviews! Try our Samantha, our new voice AI agent.

Coverity Static pros and cons

Vendor: Black Duck

3.9 out of 5

43 reviews
89% willing to recommend

Pros & Cons summary

Coverity Static excels with low false positives, enhancing vulnerability focus. It boosts productivity through reliable scalability and stability without downtime. Key strengths include Jenkins, Jira integration, and code scanning features. However, the setup is lengthy, usability requires better IDE integration, and reports need robustness. Affordability and user-based licensing are concerns, alongside integration challenges and false positives, especially with zero-day vulnerabilities and systems like Azure DevOps.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Coverity Static effectively reduces false positives, allowing users to focus on genuine vulnerabilities and improve code quality.

It significantly enhances staff productivity, improving work quality by approximately 20%.

The security analysis and capabilities, such as interprocedural analysis, help in identifying critical vulnerabilities and ensuring software security.

The integration with tools like Jenkins and Jira supports seamless continuous integration and issue tracking, making development processes smoother.

Coverity Static is noted for its stability and scalability, ensuring consistent performance without downtime.

CONS

Coverity Static faces challenges with false positives, resulting in wasted time addressing issues that are not actual problems.

Reporting engine and integrations like SCM need significant enhancements to provide more robust and timely feedback.

The setup process is lengthy and complex, requiring improvements in ease of use and integration with developer workflows.

Customizability is limited, particularly in defining custom validation routines and checkers, hindering its adaptability to specific needs.

Coverity Static's pricing and licensing model are concerns, particularly in terms of user-based licenses and line of code restrictions.

Coverity Static Pros review quotes

KT

Kasiraja Thangapandian

Software Engineering Manager at Visteon Corporation

May 26, 2025

Coverity provides excellent compliance and other features, which is a very good part.

Read full review

BL

Benoît Labrique

Software Quality Expert at Endress+Hauser AG

Apr 3, 2024

In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis.

Read full review

SP

Lead Information Security at GEP Worldwide at ReBIT

Aug 29, 2024

It help us identify the latest security vulnerabilities.

Read full review

Coverity Static

Free Report: Coverity Static Reviews and More

Learn what your peers think about Coverity Static. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.

893,221 professionals have used our research since 2012.

Md. Shahriar Hussain

Information Security Analyst at Banglalink

May 3, 2024

The reporting feature is up to the mark.

Read full review

VV

Varun Venugopal

Senior Solutions Architect at Telstra

Apr 26, 2024

Coverity integrates with issue-tracking systems like Jira and provides email notifications, alerts, and other features.

Read full review

Senior Software Architect at a tech vendor with 10,001+ employees

Nov 4, 2024

The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis.

Read full review

SC

Works at STMicroelectronics Holding

Jun 9, 2023

It's pretty stable. I rate the stability of Coverity nine out of ten.

Read full review

IC

Senior Manager at MediaTek

May 11, 2023

The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data.

Read full review

reviewer2599524

Software Engineer at a manufacturing company with 10,001+ employees

Dec 4, 2024

Coverity is easy to use and easy to integrate with CI.

Read full review

AP

Software Developer at KPIT Technologies

Nov 9, 2023

The interface of Coverity is quite good, and it is also easy to use.

Read full review

Show 10 more reviews (out of 42)

Coverity Static Cons review quotes

KT

Kasiraja Thangapandian

Software Engineering Manager at Visteon Corporation

May 26, 2025

The price is a concern, and there are a lot of false positives coming through.

Read full review

BL

Benoît Labrique

Software Quality Expert at Endress+Hauser AG

Apr 3, 2024

We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there.

Read full review

SP

Lead Information Security at GEP Worldwide at ReBIT

Aug 29, 2024

Zero-day vulnerability identification can be an add-on feature that Coverity can provide.

Read full review

Coverity Static

Free Report: Coverity Static Reviews and More

Learn what your peers think about Coverity Static. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.

893,221 professionals have used our research since 2012.

Md. Shahriar Hussain

Information Security Analyst at Banglalink

May 3, 2024

The reporting tool integration process is sometimes slow.

Read full review

VV

Varun Venugopal

Senior Solutions Architect at Telstra

Apr 26, 2024

Coverity concerns its dashboards and reporting.

Read full review

Senior Software Architect at a tech vendor with 10,001+ employees

Nov 4, 2024

Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks.

Read full review

SC

Works at STMicroelectronics Holding

Jun 9, 2023

There should be additional IDE support.

Read full review

IC

Senior Manager at MediaTek

May 11, 2023

We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues.

Read full review

reviewer2599524

Software Engineer at a manufacturing company with 10,001+ employees

Dec 4, 2024

There is an extra step in my organization that involves uploading to servers, which adds overhead.

Read full review

AP

Software Developer at KPIT Technologies

Nov 9, 2023

Coverity takes a lot of time to dereference null pointers.

Read full review

Show 10 more reviews (out of 42)

Product Categories

Product Categories

Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons

SonarQube vs Coverity Static

Snyk vs Coverity Static

Checkmarx One vs Coverity Static

GitLab vs Coverity Static

Veracode vs Coverity Static

Acunetix vs Coverity Static

PortSwigger Burp Suite Professional vs Coverity Static

OpenText Core Application Security vs Coverity Static

OWASP Zap vs Coverity Static

HCL AppScan vs Coverity Static

Semgrep vs Coverity Static

Qualys Web Application Scanning vs Coverity Static

Invicti vs Coverity Static

Klocwork vs Coverity Static

Parasoft SOAtest vs Coverity Static

See all alternatives

Product Categories

Product Categories

Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons

SonarQube vs Coverity Static

Snyk vs Coverity Static

Checkmarx One vs Coverity Static

GitLab vs Coverity Static

Veracode vs Coverity Static

Acunetix vs Coverity Static

PortSwigger Burp Suite Professional vs Coverity Static

OpenText Core Application Security vs Coverity Static

OWASP Zap vs Coverity Static

HCL AppScan vs Coverity Static

Semgrep vs Coverity Static

Qualys Web Application Scanning vs Coverity Static

Invicti vs Coverity Static

Klocwork vs Coverity Static

Parasoft SOAtest vs Coverity Static

See all alternatives

Related questions

172

What is the difference between Coverity and SonarQube?

43

What is the biggest difference between Coverity and SonarQube?

381

How would you decide between Coverity and Sonarqube?

296

What Application Security Solution Do You Use That Is DevOps Friendly?

41

Which is the most comprehensive open source Web Security Testing tool?

63

What is the best Application Security Testing platform?

54

When evaluating Application Security Testing, what aspect do you think is the most important to look for?

92

SAST vs. DAST: Which is better for application security testing?

66

What tools do you rely on for building a DevSecOps pipeline?

151

What does the Log4j/Log4Shell vulnerability mean for your company?