Pros & Cons summary

Prominent pros & cons

PROS

Coverity Static effectively reduces false positives, allowing users to focus on genuine vulnerabilities and improve code quality.
It significantly enhances staff productivity, improving work quality by approximately 20%.
The security analysis and capabilities, such as interprocedural analysis, help in identifying critical vulnerabilities and ensuring software security.
The integration with tools like Jenkins and Jira supports seamless continuous integration and issue tracking, making development processes smoother.
Coverity Static is noted for its stability and scalability, ensuring consistent performance without downtime.

CONS

Coverity Static faces challenges with false positives, resulting in wasted time addressing issues that are not actual problems.
Reporting engine and integrations like SCM need significant enhancements to provide more robust and timely feedback.
The setup process is lengthy and complex, requiring improvements in ease of use and integration with developer workflows.
Customizability is limited, particularly in defining custom validation routines and checkers, hindering its adaptability to specific needs.
Coverity Static's pricing and licensing model are concerns, particularly in terms of user-based licenses and line of code restrictions.
 

Coverity Static Pros review quotes

HM
Sr. Manager/Sr. Architect at Cognizant
Mar 2, 2018
It has the lowest false positives.
ChiefSpe9178 - PeerSpot reviewer
Chief Specialist at a government with 501-1,000 employees
Mar 11, 2019
The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent.
Yantao Zhao - PeerSpot reviewer
Software Integration Engineer at Thales
Sep 4, 2019
The feature I find most valuable is that our entire company can publish the analysis results into our central space.
Learn what your peers think about Coverity Static. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,082 professionals have used our research since 2012.
SH
Security Engineer at a comms service provider with 10,001+ employees
Aug 26, 2019
The security analysis features are the most valuable features of this solution.
it_user1316571 - PeerSpot reviewer
Automation Practice Leader at a financial services firm with 10,001+ employees
Apr 2, 2020
Coverity is quite stable and we haven’t had any issues or any downtime.
reviewer1419987 - PeerSpot reviewer
Senior Technical Specialist at a tech services company with 201-500 employees
Sep 23, 2020
The most valuable feature is the integration with Jenkins.
reviewer1428837 - PeerSpot reviewer
Security Consultant at a tech services company with 11-50 employees
Sep 30, 2020
The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at.
reviewer1442352 - PeerSpot reviewer
Director at a manufacturing company with 10,001+ employees
Oct 30, 2020
It provides reports about a lot of potential defects.
reviewer1649727 - PeerSpot reviewer
Sr. QA Engineer at a computer software company with 1-10 employees
Oct 9, 2021
I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be.
it_user1691559 - PeerSpot reviewer
Senior Solutions Architect at a computer software company with 11-50 employees
Oct 12, 2021
One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited.
 

Coverity Static Cons review quotes

HM
Sr. Manager/Sr. Architect at Cognizant
Mar 2, 2018
Reporting engine needs to be more robust.
ChiefSpe9178 - PeerSpot reviewer
Chief Specialist at a government with 501-1,000 employees
Mar 11, 2019
They could improve the usability. For example, how you set things up, even though it's straightforward, it could still be easier.
Yantao Zhao - PeerSpot reviewer
Software Integration Engineer at Thales
Sep 4, 2019
The setup takes very long.
SH
Security Engineer at a comms service provider with 10,001+ employees
Aug 26, 2019
The quality of the code needs improvement.
it_user1316571 - PeerSpot reviewer
Automation Practice Leader at a financial services firm with 10,001+ employees
Apr 2, 2020
I would like to see integration with popular IDEs, such as Eclipse.
reviewer1419987 - PeerSpot reviewer
Senior Technical Specialist at a tech services company with 201-500 employees
Sep 23, 2020
Ideally, it would have a user-based license that does not have a restriction in the number of lines of code.
reviewer1428837 - PeerSpot reviewer
Security Consultant at a tech services company with 11-50 employees
Sep 30, 2020
It should be easier to specify your own validation routines and sanitation routines.
reviewer1442352 - PeerSpot reviewer
Director at a manufacturing company with 10,001+ employees
Oct 30, 2020
Its price can be improved. Price is always an issue with Synopsys.
reviewer1649727 - PeerSpot reviewer
Sr. QA Engineer at a computer software company with 1-10 employees
Oct 9, 2021
Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code.
it_user1691559 - PeerSpot reviewer
Senior Solutions Architect at a computer software company with 11-50 employees
Oct 12, 2021
Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker.