Coverity vs Polyspace Code Prover Comparison 2024

Coverity

Polyspace Code Prover

Coverity

Read 33 Coverity reviews

17,993 views|11,623 comparisons

Polyspace Code Prover

Read 5 Polyspace Code Prover reviews

1,773 views|1,161 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Application Security Testing (AST)

March 2024

Executive Summary

We performed a comparison between Coverity and Polyspace Code Prover based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST).

To learn more, read our detailed Application Security Testing (AST) Report (Updated: March 2024).

Download the complete report

768,740 professionals have used our research since 2012.

Featured Review

Infinity Chen

Senior Manager at MediaTek

A good and stable solution that has significant software security feature for detecting potential risks

This product improves functionality and efficiency. We cannot find any issues in the early stages.

Anonymous User

Sw expert at a manufacturing company

Enhanced our code verification process but it crashes on large applications

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"The features I find most valuable is that our entire company can publish the analysis results into our central space.""Coverity is easy to set up and has a less lengthy process to find vulnerabilities.""Coverity gives advisory and deviation features, which are some of the parts I liked.""I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward.""The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time.""It is a scalable solution.""The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent.""Coverity is quite stable and we haven’t had any issues or any downtime."

More Coverity Pros →

"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect.""The product detects memory corruptions.""The outputs are very reliable.""Polyspace Code Prover is a very user-friendly tool.""When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."

More Polyspace Code Prover Pros →

Cons

"Coverity takes a lot of time to dereference null pointers.""The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming.""There should be additional IDE support.""Its price can be improved. Price is always an issue with Synopsys.""It should be easier to specify your own validation routines and sanitation routines.""We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues.""Reporting engine needs to be more robust.""SCM integration is very poor in Coverity."

More Coverity Cons →

"Using Code Prover on large applications crashes sometimes.""The tool has some stability issues.""Automation could be a challenge.""One of the main disadvantages is the time it takes to initiate the first run.""I'd like the data to be taken from any format."

More Polyspace Code Prover Cons →

Pricing and Cost Advice

"Coverity is quite expensive."

"The licensing fees are based on the number of lines of code."

"The price is competitive with other solutions."

"It is expensive."

"Coverity is very expensive."

"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."

"The pricing is very reasonable compared to other platforms. It is based on a three year license."

"The pricing is on the expensive side, and we are paying for a couple of items."

More Coverity Pricing and Cost Advice →

"We use the paid version."

More Polyspace Code Prover Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.

See Recommendations

768,740 professionals have used our research since 2012.

Questions from the Community

How would you decide between Coverity and Sonarqube?

Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »

What do you like most about Coverity?

Top Answer:The solution has improved our code quality and security very well.

Read all 23 answers →

What is your experience regarding pricing and costs for Coverity?

Top Answer:We use the paid version.

Read all 4 answers →

What needs improvement with Polyspace Code Prover?

Top Answer:There are two main areas of improvement. * False negatives and false positives. * The speed of the validation itself. Another area I see for improvement is scalability, particularly when dealing with… more »

Read all 5 answers →

Ranking

4th

out of 67 in Application Security Testing (AST)

Views

17,993

Comparisons

11,623

Reviews

Average Words per Review

382

Rating

8.0

23rd

out of 74 in Application Security Tools

Views

1,773

Comparisons

1,161

Reviews

Average Words per Review

656

Rating

7.6

Comparisons

SonarQube vs. Coverity

Compared 51% of the time.

Klocwork vs. Coverity

Compared 9% of the time.

Fortify on Demand vs. Coverity

Compared 6% of the time.

Checkmarx One vs. Coverity

Compared 6% of the time.

Polaris Software Integrity Platform vs. Coverity

Compared 3% of the time.

More Coverity Competitors →

SonarQube vs. Polyspace Code Prover

Compared 33% of the time.

Klocwork vs. Polyspace Code Prover

Compared 16% of the time.

CodeSonar vs. Polyspace Code Prover

Compared 7% of the time.

Parasoft SOAtest vs. Polyspace Code Prover

Compared 6% of the time.

GitLab vs. Polyspace Code Prover

Compared 2% of the time.

More Polyspace Code Prover Competitors →

Also Known As

Synopsys Static Analysis

Learn More

Synopsys

MathWorks

Video Not Available

Overview

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

Polyspace Code Prover is a sound static analysis tool that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code. It produces results without requiring program execution, code instrumentation, or test cases. Polyspace Code Prover uses semantic analysis and abstract interpretation based on formal methods to verify software interprocedural, control, and data flow behavior. You can use it on handwritten code, generated code, or a combination of the two. Each operation is color-coded to indicate whether it is free of run-time errors, proven to fail, unreachable, or unproven.

Sample Customers

MStar Semiconductor, Alcatel-Lucent

Alenia Aermacchi, CSEE Transport, Delphi Diesel Systems, EADS, Institute for Radiological Protection and Nuclear Safety, Korean Air, KOSTAL, Miracor, NASA Ames Research Center

Top Industries

REVIEWERS

Manufacturing Company39%

Computer Software Company22%

Comms Service Provider13%

Retailer9%

VISITORS READING REVIEWS

Manufacturing Company28%

Computer Software Company15%

Financial Services Firm8%

Government4%

VISITORS READING REVIEWS

Manufacturing Company34%

Computer Software Company15%

Transportation Company7%

Retailer5%

Company Size

REVIEWERS

Small Business17%

Midsize Enterprise14%

Large Enterprise69%

VISITORS READING REVIEWS

Small Business14%

Midsize Enterprise10%

Large Enterprise76%

VISITORS READING REVIEWS

Small Business14%

Midsize Enterprise10%

Large Enterprise76%

Coverity vs Polyspace Code Prover comparison

Coverity

Polyspace Code Prover