Coverity Static Reviews

Name: Coverity Static
Brand: Black Duck
Rating: 3.9 (43 reviews)

Vendor: Black Duck

3.9 out of 5

43 reviews
89% willing to recommend

Leave a review

What is Coverity Static?

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Get the Coverity Static Buyer's Guide and find out what your peers are saying about Coverity Static, SonarQube, Snyk and more!

Coverity Static is the #5 ranked solution in AST tools. PeerSpot users give Coverity Static an average rating of 7.8 out of 10. Coverity Static is most commonly compared to SonarQube: Coverity Static vs SonarQube. Coverity Static is popular among the large enterprise segment, accounting for 74% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 32% of all views.

Helped 879,259 peers since 2012

Featured Coverity Static reviews

Kasiraja Thangapandian

Software Engineering Manager at Visteon Corporation

We have been using Coverity for quite a long period. It has been fine for our needs. I would rate Coverity between eight to nine, though the cost is high. I would rate their support from Coverity as six. That is the main complaint, but we still appreciate having it.

Read full review

Benoît Labrique

Software Quality Expert at Endress+Hauser AG

We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there. This limitation means it can't detect changes accurately, forcing us to analyze all files instead of just the modified ones. It struggles with repositories organized with different submodules. Although documentation suggests it's possible to configure Coverity to handle this, it requires effort. The solution's analysis tools are high-quality, but the web design could improve. For example, the data is organized into pages when there are many findings, such as ten thousand lines of information. Each page shows about a hundred items, and navigating through these pages (from items 100 to 200, 200 to 300, and so on) can be cumbersome. I've heard from a colleague about another Synopsys tool with a very good GUI. It might be a solution for us to include with Coverity. We invested in Coverity, but compared to SonarQube, it lacks a good interface. SonarQube has a responsive, intuitive GUI, but its analysis quality isn't as good as Coverity's. Coverity's interface isn't great, but its analysis is much better. We hope Synopsys will improve Coverity because it doesn't make a good impression when you first use it. We started with the command line and saw the results were very good. We moved from another tool with a slightly better GUI, but it crashed often, so Coverity was an improvement. When I used the solution earlier, I noticed some issues. It supports C++, which we use, but there's room for improvement. Coverity has two plug-ins. The newer one works well for languages like C# or Java and is very responsive. When we evaluated it with Synopsys, they presented it as easy to configure and install. However, C++ slows down significantly because it's analyzing in the background. It's not very responsive when typing, likely due to the many included files in C++ that need analysis. It's not as quick as with C# or other languages, where you get immediate feedback from Coverity. The classic plug-in is still supported but old-fashioned. It has a manual option, but I haven't checked it. The main problem for C++ users who prefer the old plug-in is responsiveness.

Read full review

Sasmit Patil

Lead Information Security at GEP Worldwide at ReBIT

The initial setup is good. When I use the product to scan the code in the DevOps pipeline, the issue coverage can be greater, which can help speed up risk identification in the CI/CD pipeline. That is one area where improvement can be made. Corresponding steps can be taken for that. It integrates with most of the tools, like ticketing tools, configuration tools, Jenkins, and the pipeline. That is fantastic.

Read full review

Coverity Static mindshare

As of December 2025, the mindshare of Coverity Static in the Static Application Security Testing (SAST) category stands at 5.1%, down from 8.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Application Security Testing (SAST) Market Share Distribution
Product	Market Share (%)
Coverity Static	5.1%
SonarQube	19.8%
Checkmarx One	10.3%
Other	64.8%

Static Application Security Testing (SAST)

PeerResearch reports based on Coverity Static reviews

Type	Title	Date
Category	Static Application Security Testing (SAST)	Dec 29, 2025	Download
Product	Reviews, tips, and advice from real users	Dec 29, 2025	Download
Comparison	Coverity Static vs SonarQube	Dec 29, 2025	Download
Comparison	Coverity Static vs Veracode	Dec 29, 2025	Download
Comparison	Coverity Static vs Checkmarx One	Dec 29, 2025	Download

Valuable Features

Coverity Static offers low false positive rates, fast scan times, integration with CI/CD tools, and detailed security analysis. Its features include Contributing Events for root cause analysis, customizable triage options, support for secure coding, interprocedural analysis, and seamless integration with various platforms and IDEs. Users value its ability to publish analysis results across teams, providing updates on code vulnerabilities and quality, enhancing development speed and code quality.

"Coverity provides excellent compliance and other features, which is a very good part."
"Coverity is easy to use and easy to integrate with CI."
"Coverity is easy to use and easy to integrate with CI."

Room for Improvement

Coverity Static requires a more user-friendly interface with improved ease of use and customization options. Enhancements are needed in reporting capabilities, IDE integration, handling false positives, and expanding language support. A comprehensive REST API, better support for Git and submodules, and faster connectivity are desired. Users express dissatisfaction with high costs, slow updates, and insufficient integration with tools like SonarQube and BI systems. Furthermore, improvements in vulnerability coverage and graphical data representation are needed.

"The price is a concern, and there are a lot of false positives coming through."
"There is an extra step in my organization that involves uploading to servers, which adds overhead."
"Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks."

ROI

Coverity Static has increased productivity by 20% and allowed for early defect detection before code reaches QA. It offers an IDE plugin that identifies defects immediately, helping developers write better code. While some have noticed a return on investment, others express indifference or lack of ROI. The tool's value includes identifying security risks early and creating secure products. Overall, Coverity has been utilized for over four years due to these benefits.

Pricing

Coverity Static's pricing is predominantly considered expensive, often higher than alternatives like SonarQube and open-source tools. The licensing primarily follows an annual model, with costs often tied to the number of users rather than lines of code. While some users find it competitive or reasonable with quality benefits, others express concerns about its affordability and comparability to other platforms, cautioning enterprise buyers about potentially significant expenditure.

"The solution's pricing is comparable to other products."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."

Popular Use Cases

Coverity Static is primarily used for enhancing code quality, security, and robustness through static code analysis. It assists in identifying vulnerabilities, defects, and compliance issues across various languages. Organizations incorporate it into their development process to scan code, integrate with build systems, and detect potential risks like memory leaks and synchronization issues during software integration and development phases. Users appreciate its ability to address security concerns and maintain code integrity efficiently.

Service and Support

Users indicate mixed satisfaction with customer service and support. Some praise quick response times and knowledgeable assistance, while others note responsiveness depends on priority and support package chosen. Several find technical support professional, though communication could improve. Some have had unresolved issues and described the service as slow. Various options like phone, email, and video sessions are available, but certain users prefer direct contact without ticketing systems for faster resolutions.

Deployment

Users found Coverity Static's setup to be a mix of straightforward and complex. Many noted easy deployments on some platforms, with executable files and clear instructions, while challenges arose due to integration complexities and missing features. For large-scale deployments, times varied from a day to a month. Some praised the documentation, while others found it lacking in practical guidance. Overall opinion varied depending on the scope and requirements of the deployment.

Scalability

Coverity Static is widely regarded as scalable, with various users managing small to large-scale implementations effectively. The feedback highlights that while resources impact scalability, many successfully integrate it with CI/CD tools and adapt it across organizations. Users report variable usage levels, from a few to several thousand users. Performance, hardware, and cost considerations influence scalability, but the tool is generally praised for handling significant workloads efficiently. Users often rate scalability between seven and ten.

Stability

Coverity Static exhibits high stability, being robust and reliable for many users. It rarely experiences crashes or downtime, with many rating it between eight to ten out of ten in terms of stability. While some minor lags can occur, especially with updates or new integrations, these are not widespread issues. Users appreciate its reliability, although they note that larger security analyses may experience slower performance. Regular updates help maintain its consistent stability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Coverity Static Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	5
Large Enterprise	22

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	362
Midsize Enterprise	233
Large Enterprise	1703

By visitors reading reviews

Top industries

By visitors reading reviews

Manufacturing Company

32%

Computer Software Company

12%

Financial Services Firm

Healthcare Company

Comms Service Provider

Government

Aerospace/Defense Firm

Retailer

Consumer Goods Company

Media Company

Transportation Company

University

Educational Organization

Real Estate/Law Firm

Construction Company

Non Profit

Outsourcing Company

Insurance Company

Wholesaler/Distributor

Energy/Utilities Company

Engineering Company

Performing Arts

Legal Firm

Hospitality Company

Marketing Services Firm

Pharma/Biotech Company

Logistics Company

Recreational Facilities/Services Company

Compare Coverity Static with alternative products

Learn more about Coverity Static

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.

Coverity Static was previously known as Synopsys Static Analysis.

Coverity Static customers

SAP, Mega International, Thales Alenia Space

Product Categories

Static Application Security Testing (SAST)

Popular Comparisons

SonarQube vs Coverity Static

Snyk vs Coverity Static

GitLab vs Coverity Static

Checkmarx One vs Coverity Static

Veracode vs Coverity Static

OWASP Zap vs Coverity Static

OpenText Core Application Security vs Coverity Static

Acunetix vs Coverity Static

PortSwigger Burp Suite Professional vs Coverity Static

HCL AppScan vs Coverity Static

Qualys Web Application Scanning vs Coverity Static

GitGuardian Platform vs Coverity Static

Klocwork vs Coverity Static

Semgrep vs Coverity Static

Invicti vs Coverity Static

See all alternatives

Coverity Static Reviews Summary
Author info	Rating	Review Summary
Software Engineering Manager at Visteon Corporation	4.0	I use Coverity in my company for its excellent compliance features, but its high price and frequent false positives are concerns. The support takes too long, so we switched to a more cost-effective platform that better suits our needs.
Software Quality Expert at Endress+Hauser AG	3.0	Coverity excels in identifying critical vulnerabilities with its detailed analysis but struggles with submodule automation. Its interface is less intuitive than SonarQube’s, yet its analysis quality is superior. Improved usability and responsiveness, especially for C++, would enhance its appeal.
Lead Information Security at GEP Worldwide at ReBIT	4.5	I use Coverity for code scanning to identify security vulnerabilities early in the development phase. Its valuable feature is the IDE plugin for real-time security checks. Improvement could include detecting zero-day vulnerabilities. Coverity is more user-friendly and feature-rich compared to alternatives like Checkmarx.
Information Security Analyst at Banglalink	4.5	Coverity allows me to implement security benchmarks and identify code issues before production. Its user-friendly interface and reporting are valuable, though updates to reflect current OWASP standards are needed. I found it more user-friendly than other solutions during evaluation.
Senior Solutions Architect at Telstra	4.0	I work on multiple projects, and Coverity provides robust security, quality checks, and efficient disk space usage compared to CodeSonar. Its excellent integration with IDEs and CI/CD tools enhances shift-left testing while reducing defect identification costs.
Senior Software Architect at a tech vendor with 10,001+ employees	4.0	We use Coverity to detect software bugs and memory leaks in C++ and C# projects, valuing its interprocedural analysis capabilities. Despite its slow implementation and high license cost, it offers better security analysis compared to SonarQube.
Technical Architect at Elastic Care Inc	5.0	I used Coverity to perform security scans on our healthcare application to meet FDA requirements, which effectively identified vulnerabilities and integrated well with CI/CD. However, it needs customization for prioritizing issues to focus on critical ones.
Works at STMicroelectronics Holding	4.5	I use Coverity to ensure software quality compliance with standards like MISRA, particularly in the automotive market. While it efficiently aids compliance, I wish for better IDE integration and more user-friendly reporting features for an improved experience.

Title	Rating	Mindshare	Recommending
SonarQube	4.0	19.8%	83%	134 interviews Add to research
Snyk	4.1	5.3%	100%	50 interviews Add to research

Coverity Static Reviews

What is Coverity Static?

Featured Coverity Static reviews

Coverity Static mindshare

PeerResearch reports based on Coverity Static reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Coverity Static with alternative products

Learn more about Coverity Static

Coverity Static customers

Related questions

Product Categories

Popular Comparisons