Coverity Reviews

Name: Coverity
Brand: Black Duck
Rating: 3.9 (43 reviews)

3.9 out of 5

43 reviews
89% willing to recommend

What is Coverity?

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Get the Coverity Buyer's Guide and find out what your peers are saying about Coverity, SonarQube Server (formerly SonarQube), GitLab and more!

Coverity is the #5 ranked solution in AST tools. PeerSpot users give Coverity an average rating of 7.8 out of 10. Coverity is most commonly compared to SonarQube Server (formerly SonarQube): Coverity vs SonarQube Server (formerly SonarQube). Coverity is popular among the large enterprise segment, accounting for 75% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 32% of all views.

Helped 865,384 peers since 2012

Featured Coverity reviews

Jaile Sebes

Senior Software Architect at Siemens Industry

We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…

Read full review

Md. Shahriar Hussain

Information Security Analyst at Banglalink

The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.

Read full review

Arun Dahiphale

Technical Architect at Elastic Care Inc

The scan of the repository has been most effective in identifying critical vulnerabilities. The product provided visibility over security-related issues like hard coding and values getting exposed in a log. It helped us resolve difficult issues. With CI/CD integration, we could scan the incremental commits done by different developers. We were able to report them, and the developers were able to fix them. The product identifies the issues and has an informative dashboard that gives us strains of incremental issues and resolutions. It also keeps track of whether the reported issues were fixed and what the resolution was. Sometimes, we find duplicate issues. Those were very well managed from the dashboard. Our primary requirement was for compliance, and it was good. The reports were significant and looked very professional.

Read full review

Coverity mindshare

As of August 2025, the mindshare of Coverity in the Static Application Security Testing (SAST) category stands at 7.0%, up from 6.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

PeerResearch reports based on Coverity reviews

Type	Title	Date
Category	Static Application Security Testing (SAST)	Aug 20, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 20, 2025	Download
Comparison	Coverity vs SonarQube Server (formerly SonarQube)	Aug 20, 2025	Download
Comparison	Coverity vs Veracode	Aug 20, 2025	Download
Comparison	Coverity vs Checkmarx One	Aug 20, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	22.1%	81%	116 interviews Add to research
GitLab	4.2	2.4%	97%	85 interviews Add to research

Valuable Features

Valuable features of Coverity include low false positive rates, faster scanning, inline context-sensitive help, and great integration with CI/CD tools. Coverity excels in security analysis, vulnerability identification, interprocedural analysis, and customizable triage. The ability to publish analysis results, provide extensive reports, contributing event features, and seamless integration with Jenkins, GitLab, SonarQube, and diverse deployment options enhance its utility. Coverity's user-friendly interface and detailed remediation guidance further enrich development speed and code quality improvement.

"Coverity provides excellent compliance and other features, which is a very good part."
"Coverity is easy to use and easy to integrate with CI."
"Coverity is easy to use and easy to integrate with CI."

Room for Improvement

Coverity users highlight the need for a more dynamic reporting engine with better customization capabilities. Complexity in user interface design and limited integration with popular IDEs are notable concerns. The system's performance and price are also called into question, alongside challenges with handling false positives and providing accurate feature coverage. Improved support for dynamic scanning and enhanced integration with external analytics tools like SonarQube and Git are often requested by the community.

"The price is a concern, and there are a lot of false positives coming through."
"There is an extra step in my organization that involves uploading to servers, which adds overhead."
"Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks."

ROI

Organizations experienced an ROI from Coverity, which increased staff productivity by around 20%. They also valued the IDE plugin for its ability to detect defects early in development, saving costs. Coverity's defect identification before QA or staging led to long-term value. Some users emphasized its role in enhancing security for client products. While not every company saw a sufficient ROI, many appreciated Coverity’s benefits and continued its use over the years.

Pricing

Enterprise buyers find Coverity's pricing expensive, with licenses based on user count. Many suggest pricing based on code lines would be more cost-effective for large developer teams. The yearly licensing model can be competitive, though it is often seen as on the higher side. Some users find the cost reasonable, especially with multi-year agreements. Others highlight the pricing's flexibility when considering various usage scenarios, yet there are concerns about the affordability for acquiring more licenses.

"The solution's pricing is comparable to other products."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."

Popular Use Cases

Organizations primarily utilize Coverity for static code analysis, raising code quality, security, and robustness, especially during integration and development phases. It is often deployed on-premises for auditing, code security, and vulnerability detection. Coverity aids in identifying software bugs, memory leaks, and synchronization issues, supporting various programming languages such as Java, C, and C++. The tool integrates with CI/CD pipelines, helping mitigate security risks early in the software development lifecycle.

Service and Support

Coverity customer service is friendly and responsive, though response times can vary. Technical support is knowledgeable and effective, with premium options available for 24/7 assistance. Users rate technical support positively, with scores typically between seven to nine out of ten. Some express satisfaction with quick responses and helpfulness, while others mention occasional delays or less experienced representatives. Coverage includes email, call, WebEx, and Zoom support, with custom patches provided when needed.

Deployment

Coverity's initial setup is generally seen as straightforward, though some users find it complex due to integration challenges and missing features. Installation varies in duration, from a few minutes to several weeks, depending on specific environments and integrations. The setup for Windows tends to be simpler compared to Linux. Users appreciate the documentation provided, yet they suggest improvements in addressing practical installation details and illustrative examples. Maintenance is often viewed as manageable with vendor support.

Scalability

Users express that Coverity is scalable, performing well for various user counts and integration needs. It receives ratings ranging from good to excellent in scalability. Scaling can require additional hardware or cloud resources. Organizational sizes vary, with some using it across hundreds or thousands of users. Licensing costs may influence scaling decisions. Users recommend the use of containers for better scalability, while integration with CI/CD tools aids effectiveness.

Stability

Coverity is generally stable, with good performance and minimal issues. It's robust and reliable, having been in the industry for decades. Some noted occasional slowdowns during large projects or cloud setups, but these were infrequent. Users rate its stability highly, often around eight or nine out of ten. While some fixes and tuning are occasionally needed for updates, it consistently meets organizational needs without frequent OS configuration changes.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Coverity Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Manufacturing Company

32%

Computer Software Company

14%

Financial Services Firm

Government

Healthcare Company

Aerospace/Defense Firm

Comms Service Provider

Retailer

University

Educational Organization

Media Company

Consumer Goods Company

Transportation Company

Real Estate/Law Firm

Construction Company

Non Profit

Insurance Company

Wholesaler/Distributor

Engineering Company

Energy/Utilities Company

Outsourcing Company

Legal Firm

Hospitality Company

Performing Arts

Recreational Facilities/Services Company

Logistics Company

Pharma/Biotech Company

Compare Coverity with alternative products

Learn more about Coverity

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.

Coverity was previously known as Synopsys Static Analysis.