Coverity Static Reviews

I have not used the product for my projects in the company recently, but I know that some other teams use it for certain work.

Coverity is used as a static code analysis tool in my company.

Compared to the other tools in the market, Coverity is not a user-friendly product. Coverity fails to provide the same comfort as other solutions in the market, which provides better visibility of reports.

I have experience with Coverity. I am a customer of the tool.

I have not directly contacted the product's support team, but there is a group within the corporate circles that maintains the tool, and so they communicate with the tool's technical team. I believe that the support offered was satisfactory.

I don't use any other products which are similar to Coverity.

I was involved in the tool's deployment phase.

Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation. Reviewers may have to opt for a different license. For report generation, I used the product two to three ago for a project, and it was done mainly for benchmarking. The setting of the jobs or the configurations was pretty difficult compared to the other products in the market. Working with the product is a bit difficult in general.

I don't have accurate information about the prices associated with the product.

I am not the person in authority who makes decisions over whether the company should look at other options apart from Coverity. The higher management makes such decisions while I am just a part of the product development team.

In terms of the satisfaction derived from the use of the product in our company, I would say that there was another person in my company who benchmarked against Coverity with other products like SonarQube and some other LDRA solutions. Products are used considering that different projects would have different requirements.

I can't say whether the product has helped my company maintain compliance with coding standards since we are not currently using Coverity. Many projects have strict guidelines when it comes to the static code analysis part. In the future, the tool's ability to maintain compliance with coding standards can be useful.

My company has licenses to use the product.

I don't have vast experience with Coverity to be able to say whether I would recommend the product to others or not.

I did not use the tool's AI capabilities.

Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations. I rate the tool at eight to nine out of ten.

I use Coverity for static code analysis, covering different kinds of malware issues that can arise and ensuring robustness in terms of security.

Coverity is easy to use and easy to integrate with CI. However, in my organization, there is an additional step that involves uploading to servers, which creates an overhead. 

Apart from this, tools like Check Point and Trivy were very easy to get started with. Overall, the solution offers good scalability and is straightforward to deploy.

There is an extra step in my organization that involves uploading to servers, which adds overhead. Understanding the reporting in the beginning was challenging, especially when figuring out which mode to run on and the different arguments to use.

I have been using Coverity for a few months.

I have not faced any challenges with the stability of Coverity.

Both tools have very good scalability. Understanding the flow and pipeline helps in scaling effectively, and it is highly scalable.

I have not contacted the support team yet.

Neutral

The initial setup was straightforward.

I do not know about the pricing.

The overall rating I give to Coverity is seven out of ten. The additional step that needs to be taken is a factor in my rating.

I use Coverity in my company mainly to fix bug issues and detect errors with code analysis.

The ability of Coverity to fix bug issues is important to me. Coverity actually helps to debug and deal really fast when it comes to code analysis. Coverity does have a higher detection rate. It is easy to integrate Coverity into the CI/CD pipeline. Coverity is helpful in marking false positives. Though Coverity has some pros and cons, its pros make it a quite good tool.

The scanning ability of Coverity is good since it helps fix bug issues. The interface of Coverity is quite good, and it is also easy to use.

Coverity takes a lot of time to dereference null pointers. The product's price is one of its shortcomings, where improvements are required. In general, the price of the product should be kept low.

In the future, Coverity should provide more flexibility.

I have been using Coverity for a year. I use the solution's latest version. I am a customer of the tool.

Stability-wise, I rate the solution a seven out of ten.

Scalability-wise, I rate the solution an eight out of ten. I rate the coverage of the product a six out of ten.

Currently, five people in my company use Coverity. My company plans to increase the use of the tool for twenty people.

The solution's technical support is good. I rate the technical support a nine out of ten.

Positive

I have experience with SonarQube. I switched to Coverity from SonarQube since the former mainly focuses on scanning and detection of bugs, while the latter focuses on the security of the code. If you want only to fix bugs, then the focus of the product should also be quite good, like Coverity. SonarQube's focus area is different from Coverity.

I rate the initial setup of Coverity an eight on a scale of one to ten, where one is difficult, and ten is easy.

The setup phase of Coverity can sometimes be straightforward, and if there are some issues, it can be a little bit complex. When involved in some tracking activity, sometimes, Coverity uses looping logic, making it quite difficult to handle bugs. Sometimes, the tracking activity in Coverity will be straightforward with a very good interface. Marking the positive rates and giving some green and red bars can be helpful in Coverity.

The solution is deployed on an on-premises model.

The solution can be deployed in a day.

My company uses the git repository for the implementation of Coverity.

Five people are required to deploy the solution. Around thirty people might be required to take care of the maintenance process of the product since there will be an increase in the team members in our company.

I haven't seen any return on investment from the use of Coverity.

Coverity's cost is quite high. Coverity costs for a year are too high. I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive. There are no additional costs apart from the licensing costs attached to the product.

Though my company had other options apart from Coverity, we chose to continue with Coverity as we were already using it for some projects in our organization.

Coverity is quite a good tool that helps fix big issues and deal with code analysis. Coverity's scanning features and scalability are also quite good. The only drawback of the product stems from the fact that it is quite an expensive product. The product's cost can seem too high for a normal user. If your organization is quite good and okay with exploring the tool with its current costs, then you can opt for Coverity. Otherwise, you can use other solutions, like the free community edition from SonarQube.

I rate the overall solution an eight out of ten.

We are using Coverity for Android, cluster programs, and infotainment.

Coverity's setup takes a long time. Coverity gives advisory and deviation features, which are some of the parts I liked.

SCM integration is very poor in Coverity. The IDR file is not portable. After the analysis, it generates an IDR file. It cannot be ported from the machine since it is machine specific. Also, the component mapping has to be done manually. We cannot upload in one shot through automation or an Excel sheet. That is also a drawback.

In terms of the additional features that the solution should possess, I would say that it should have very good and sound features for Android-related stuff and embedded features should be supported. Also, infotainment programs for people who are using HMI should be supported very well.

I have been using Coverity for more than one year. In my company, we use the tool. Also, we go to the vendor for support. I am using Coverity 2022.

Speaking about stability, I would say that product-wise, there is no such complaint. There are no alarming complaints. However, some minor things we have to fix, use and tune it. With the newer versions, the only problem is if any new version or any new tool or new plugin comes to our infotainment program, then even with vendor support, we won't get a solution since maybe the tool is not supported or because there is something else that has to be looked into. We are facing problems due to such cases. Otherwise, it's fine, so it is good enough for an existing tool and program.

The product is scalable if provided if the tool is supported well, and if new features are incorporated parallelly, then definitely it's scalable.

To speak exactly about the number of users is difficult, but above 300 people in my company use the solution.

There are four or five members out there who manage Coverity's administration from a project point of view.

My opinion on support depends on what kind of support my company has adopted. I need to check. I don't know what company support they have provided. If they have taken golden support, support will come like that. In that way, I don't want to comment on that.

Initially, I worked with Klocwork in my previous company.

Regarding Klocwork, if you can provide me with its information, then we would definitely like to explore it.

Initial setup for the infotainment program is not easy. This is because the template, specifically code template files, have to be generated, and that itself takes time since they talk to the vendor and they get the template files. We are using the same template file for most of the programs. It is not fixed that this program has to use this template file, so it is not like that. since it has to be fine-tuned.

For a few programs, like cluster programs, it takes only half a day or a day to get the setup done since everything is ready. But for infotainment, it sometimes takes three to four days, and issues keep coming in for the new enablement. Hence, it may take even three weeks to one month sometimes.

Coverity’s price is on the higher side. It should be lower. It's definitely priced on the higher side, and in that sense, I will definitely give a big alert stating that it is on the higher side of the price.

We have to prepare our software solution for our customers. So in our environment, my cycle. We have a seven hour phase and requirement for design, implement testing, And before testing, we used this tool to clean up our potential feedback as our use case.

.

This product improves functionality and efficiency.

We cannot find any issues in the early stages.

The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data.

We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot

find some issues, but sometimes they find issues that are not relevant, right, that are not really issues.

Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues.

We've been using this solution for over 10 years. 

The solution is stable.

I rate it eight out of ten.

It is a scalable solution. Several thousand users are using the solution , precisely five thousand software engineers. We plan to increase the usage in future because our software engineer, we are to in their software coding or deployments in our engineering team. We try to integrate this tool into some other tool.

The technical support is reasonable. 

I rate them seven out of ten.

Neutral

I was not involved in the deployment process. Ten partner lines are required for the setting up and launch of the tool.

I have seen a Return on Investment.

I rate the solution eight out of ten.

We use Coverity to help with code security and code vulnerability.

The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code.

We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system.

In the next release, I would like to have the ability to easily add screens to branches myself as a developer.

I've been using this solution for about five years.

It is a stable product.

It's scalable, and approximately 200 developers use Coverity in my organization. We have 10 administrators at present.

Technical support is good, but they do not have a user ticketing system. Therefore, we have to go through an to administrator to get support. For the support itself, I would give a rating of eight out of ten.

Positive

The pricing is on the expensive side, and we are paying for a couple of items.

My advice would be to look at other solutions and evaluate on-premises or SaaS options.

Overall, I would rate Coverity at six out of ten.

We have been working on a POC for this solution. It is an on-prem solution and we have 50 internal users. 

This solution is easy to use. 

The level of vulnerability that this solution covers could be improved compared to other open source tools. The UI could also be improved. We also cannot directly report the vulnerability. We need to add filters to projects and only then can we download reports. 

I have been using this solution for three months. 

This is a stable solution. 

The pricing is very reasonable compared to other platforms. It is based on a three year license. 

I would rate this solution a seven out of ten. 

We use this tool for call scans in order to improve call quality. We implement testing and this tool cleans up our potential feedback. We are a semiconductor company and provide software solutions to our clients. I'm a senior manager. 

Coverity has improved our functionality and efficiency.

This product provides software security, and helps to find potential security bugs or defects with its checker feature. The solution also enables us to implement secure coding. 

We've found that there is a quite high false positive rate. It's a problem because we end up wasting time on something that's not an issue. The tracker reports too many issues that are not relevant. I'd like to see some kind of customization mechanism in the future. 

We've been using this solution for over 10 years. 

The solution is stable. 

The solution is scalable, we have several thousand users. 

The technical support is reasonable. 

Neutral

I rate this solution eight out of 10.