We performed a comparison between CodeSonar and Coverity based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The tool is very good for detecting memory leaks."
"CodeSonar’s most valuable feature is finding security threats."
"There is nice functionality for code surfing and browsing."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"It has been able to scale."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"The solution effectively identifies bugs in code."
"We were very comfortable with the initial setup."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The most valuable feature is the integration with Jenkins."
"The security analysis features are the most valuable features of this solution."
"It is a scalable solution."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"There could be a shared licensing model for the users."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"The scanning tool for core architecture could be improved."
"It was expensive."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"The setup takes very long."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"It should be easier to specify your own validation routines and sanitation routines."
"SCM integration is very poor in Coverity."
"The solution's user interface and quality gate could be improved."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
CodeSonar is ranked 22nd in Application Security Tools with 7 reviews while Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews. CodeSonar is rated 8.2, while Coverity is rated 7.8. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of Coverity writes "Best SAST tool to check software quality issues". CodeSonar is most compared with SonarQube, Klocwork, Polyspace Code Prover, Semgrep Code and Fortify Static Code Analyzer, whereas Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Parasoft SOAtest.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
