Coverity Previous Solutions
Sasmit Patil
Lead Information Security at GEP Worldwide at ReBIT
I also use SonarQube. It is for code-quality related use cases.
SonarQube is used for comparison as it is cheaper. However, Coverity is preferred for its specific advantages.
Kasiraja Thangapandian
Software Engineering Manager at Visteon Corporation
I actually moved on to a different tool. We have now moved to a different platform.
Buyer's Guide
Coverity
August 2025

Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
865,295 professionals have used our research since 2012.
Benoît Labrique
Software Quality Expert at Endress+Hauser AG
We started with Klocwork, but it was a bad tool. Then we moved to Parasoft. Now, we're using Coverity because we want to deploy it across all departments in the company. However, some departments are still using SonarQube. We could convince them to switch to Coverity if it had a better GUI or was easier for developers to integrate into their development process.
Varun Venugopal
Senior Solutions Architect at Telstra
The data that CodeSonar generated as output was huge—gigabytes—and used to clog my hard disk. The second step is that Coverity and CodeSonar have good results, with both having a low false positive ratio. They both do a fair job of identifying defects.
In terms of scale, scalability, and stability, Coverity is on par with CodeSonar due to its architecture and fast response. Coverity uses a built-in PostgreSQL database, which has a good schema interface. Additionally, the incremental scanning is efficient. Coverity supports over 27 programming languages, whereas CodeSonar only supports around five to six. So, if you are working on a project that uses languages like Go, PHP, or others that CodeSonar doesn’t support, CodeSonar would not be suitable.
Moreover, Coverity offers extensive IDE support with add-ons for around seven to eight IDEs, whereas CodeSonar primarily targets a few IDEs like Eclipse and Visual Studio.
Akshay Pawar
Software Developer at KPIT Technologies
I have experience with SonarQube. I switched to Coverity from SonarQube since the former mainly focuses on scanning and detection of bugs, while the latter focuses on the security of the code. If you want only to fix bugs, then the focus of the product should also be quite good, like Coverity. SonarQube's focus area is different from Coverity.
Harish A
Manager at Microchip Technology
I don't use any other products which are similar to Coverity.
I use Coverity simultaneously with Fortify but for different purposes.
I had experience with SonarQube as an alternative. Coverity excelled in code scanning because it did not require installation prerequisites. Its reports are also clear and informational. It provides us with a better idea of troubleshooting vulnerabilities.
We are exploring Black Duck, which has more precise things. Coverity has a clear view. The report is very clear rather than confusing like other tools. It also has a PDF option, and it gives precise information.
Gururaj-Rao
Integration Supervisor Lead at Visteon Corporation
Initially, I worked with Klocwork in my previous company.
Regarding Klocwork, if you can provide me with its information, then we would definitely like to explore it.
Varun V
Senior Solutions Architect at a computer software company with 11-50 employees
I used CodeSonar a few years back. Both tools have their advantages. In any static analysis tool, the first stage is the instrumentation of the source code. It'll try to capture the skeleton of your source code. So when I compare them based on the first phase alone, Coverity is far better than CodeSonar.
They both use a similar technique, but CodeSonar uses up way more storage resources. For example, to scan a 1GB code base, CodeSonar generates more than 5GB of instrumented files for every 1GB of code base. In total, that is 6GB. Coverity generates 500MB extra on top of 1GB, so that equals 1.5GB all in. That's a huge difference. CodeSonar would eat up my disk space and hardware resources when I used it, whereas Coverity is minimal.
In terms of checkers, both CodeSonar and Coverity cover a good length and breadth, especially for C and C++ programming languages. But CodeSonar focuses only on four languages—C, C++, Java, and C#—only four programming languages, whereas Coverity supports more than 20-plus programming languages.
Also, the two are comparable with respect to their plugin offerings, but there are crucial differences. For example, CodeSonar only focuses on well-known integrations, like Jenkins and JIRA, but you cannot expect all customers to use the same tools. Coverity supports almost all CI/CD tools, including Jenkins and Bamboo. It also integrates with service providers like Azure DevOps Pipelines, AWS CodePipelines that CodeSonar hasn't added yet. The plugins are available in the marketplace, and you don't have to pay extra. You just have to download it from the marketplace, hook the plugin in your pipeline, and ready to use kind of approach. So these are some of the major use cases, three major use cases I would say when you compare apples to apples with CodeSonar and Coverity.
ChetanJadhav
Senior Software Engineer at AMD
I have not used another solution.
We've used Klocwork before. However, it has the same issues as this product. They're more for C# and C++.
We have used other solutions, such as SonarQube.
We also use SonarQube.
In the past, I used Checkmarx and Fortify, and Coverity had the better price.
We did not use another solution before Coverity, although in my previous company, I used Veracode.
We also use SonarQube for code analysis.
Compared to SonarQube, Coverity finds more vulnerabilities. SonarQube is stronger on core quality, such as duplicate lines of code, but the security issues are found by Coverity.
SonarQube is available as a plugin for development environments such as Eclipse, which allows us to find vulnerabilities proactively.
SonarQube was easier to deploy and I did not require assistance from the vendor for installation or configuration.
My personal business used other tools that offered sonar language tracking. We used a mix of programs with specific options and some standard gcc options. But last year our team preferred to use more visual tools to follow the whole company's policy. That is why we chose Coverity.
SecurityEngineer0015
Security Engineer at a comms service provider with 10,001+ employees
We previously used an open-source solution before Coverity.
We did not have another solution before. We decided to purchase Coverity because the way we were working previously wasn't efficient. So, we were trying to improve our efficiency.
We use SonarQube for Java-based projects and Coverity for C and C++-based projects.