Coverity Reviews

Name: Coverity
Brand: Black Duck
Rating: 3.9 (43 reviews)

3.9 out of 5

43 reviews
89% willing to recommend

287 followers

What is Coverity?

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Get the Coverity Buyer's Guide and find out what your peers are saying about Coverity, SonarQube Server (formerly SonarQube), GitLab and more!

Coverity is the #4 ranked solution in AST tools. PeerSpot users give Coverity an average rating of 7.8 out of 10. Coverity is most commonly compared to SonarQube Server (formerly SonarQube): Coverity vs SonarQube Server (formerly SonarQube). Coverity is popular among the large enterprise segment, accounting for 76% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 32% of all views.

Helped 856,873 peers since 2012

Featured Coverity reviews

Jaile Sebes

Senior Software Architect at Siemens Industry

We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…

Read full review

Md. Shahriar Hussain

Information Security Analyst at Banglalink

The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.

Read full review

Benoît Labrique

Software Quality Expert at Endress+Hauser AG

We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there. This limitation means it can't detect changes accurately, forcing us to analyze all files instead of just the modified ones. It struggles with repositories organized with different submodules. Although documentation suggests it's possible to configure Coverity to handle this, it requires effort. The solution's analysis tools are high-quality, but the web design could improve. For example, the data is organized into pages when there are many findings, such as ten thousand lines of information. Each page shows about a hundred items, and navigating through these pages (from items 100 to 200, 200 to 300, and so on) can be cumbersome. I've heard from a colleague about another Synopsys tool with a very good GUI. It might be a solution for us to include with Coverity. We invested in Coverity, but compared to SonarQube, it lacks a good interface. SonarQube has a responsive, intuitive GUI, but its analysis quality isn't as good as Coverity's. Coverity's interface isn't great, but its analysis is much better. We hope Synopsys will improve Coverity because it doesn't make a good impression when you first use it. We started with the command line and saw the results were very good. We moved from another tool with a slightly better GUI, but it crashed often, so Coverity was an improvement. When I used the solution earlier, I noticed some issues. It supports C++, which we use, but there's room for improvement. Coverity has two plug-ins. The newer one works well for languages like C# or Java and is very responsive. When we evaluated it with Synopsys, they presented it as easy to configure and install. However, C++ slows down significantly because it's analyzing in the background. It's not very responsive when typing, likely due to the many included files in C++ that need analysis. It's not as quick as with C# or other languages, where you get immediate feedback from Coverity. The classic plug-in is still supported but old-fashioned. It has a manual option, but I haven't checked it. The main problem for C++ users who prefer the old plug-in is responsiveness.

Read full review

Coverity mindshare

As of June 2025, the mindshare of Coverity in the Static Application Security Testing (SAST) category stands at 7.4%, up from 6.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

PeerResearch reports based on Coverity reviews

Type	Title	Date
Category	Static Application Security Testing (SAST)	Jun 15, 2025	Download
Product	Reviews, tips, and advice from real users	Jun 15, 2025	Download
Comparison	Coverity vs SonarQube Server (formerly SonarQube)	Jun 15, 2025	Download
Comparison	Coverity vs Veracode	Jun 15, 2025	Download
Comparison	Coverity vs Checkmarx One	Jun 15, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	23.9%	81%	116 interviews Add to research
GitLab	4.3	2.6%	97%	84 interviews Add to research

Valuable Features

Valuable features of Coverity include low false positive rates, faster scanning, inline context-sensitive help, and great integration with CI/CD tools. Coverity excels in security analysis, vulnerability identification, interprocedural analysis, and customizable triage. The ability to publish analysis results, provide extensive reports, contributing event features, and seamless integration with Jenkins, GitLab, SonarQube, and diverse deployment options enhance its utility. Coverity's user-friendly interface and detailed remediation guidance further enrich development speed and code quality improvement.

"Coverity provides excellent compliance and other features, which is a very good part."
"Coverity is easy to use and easy to integrate with CI."
"Coverity is easy to use and easy to integrate with CI."

Room for Improvement

Coverity users highlight the need for a more dynamic reporting engine with better customization capabilities. Complexity in user interface design and limited integration with popular IDEs are notable concerns. The system's performance and price are also called into question, alongside challenges with handling false positives and providing accurate feature coverage. Improved support for dynamic scanning and enhanced integration with external analytics tools like SonarQube and Git are often requested by the community.

"The price is a concern, and there are a lot of false positives coming through."
"There is an extra step in my organization that involves uploading to servers, which adds overhead."
"Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks."

ROI

Organizations experienced an ROI from Coverity, which increased staff productivity by around 20%. They also valued the IDE plugin for its ability to detect defects early in development, saving costs. Coverity's defect identification before QA or staging led to long-term value. Some users emphasized its role in enhancing security for client products. While not every company saw a sufficient ROI, many appreciated Coverity’s benefits and continued its use over the years.

Pricing

Enterprise buyers find Coverity's pricing expensive, with licenses based on user count. Many suggest pricing based on code lines would be more cost-effective for large developer teams. The yearly licensing model can be competitive, though it is often seen as on the higher side. Some users find the cost reasonable, especially with multi-year agreements. Others highlight the pricing's flexibility when considering various usage scenarios, yet there are concerns about the affordability for acquiring more licenses.

"The solution's pricing is comparable to other products."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."

Popular Use Cases

Organizations primarily utilize Coverity for static code analysis, raising code quality, security, and robustness, especially during integration and development phases. It is often deployed on-premises for auditing, code security, and vulnerability detection. Coverity aids in identifying software bugs, memory leaks, and synchronization issues, supporting various programming languages such as Java, C, and C++. The tool integrates with CI/CD pipelines, helping mitigate security risks early in the software development lifecycle.

Service and Support

Coverity customer service is friendly and responsive, though response times can vary. Technical support is knowledgeable and effective, with premium options available for 24/7 assistance. Users rate technical support positively, with scores typically between seven to nine out of ten. Some express satisfaction with quick responses and helpfulness, while others mention occasional delays or less experienced representatives. Coverage includes email, call, WebEx, and Zoom support, with custom patches provided when needed.

Deployment

Coverity's initial setup is generally seen as straightforward, though some users find it complex due to integration challenges and missing features. Installation varies in duration, from a few minutes to several weeks, depending on specific environments and integrations. The setup for Windows tends to be simpler compared to Linux. Users appreciate the documentation provided, yet they suggest improvements in addressing practical installation details and illustrative examples. Maintenance is often viewed as manageable with vendor support.

Scalability

Users express that Coverity is scalable, performing well for various user counts and integration needs. It receives ratings ranging from good to excellent in scalability. Scaling can require additional hardware or cloud resources. Organizational sizes vary, with some using it across hundreds or thousands of users. Licensing costs may influence scaling decisions. Users recommend the use of containers for better scalability, while integration with CI/CD tools aids effectiveness.

Stability

Coverity is generally stable, with good performance and minimal issues. It's robust and reliable, having been in the industry for decades. Some noted occasional slowdowns during large projects or cloud setups, but these were infrequent. Users rate its stability highly, often around eight or nine out of ten. While some fixes and tuning are occasionally needed for updates, it consistently meets organizational needs without frequent OS configuration changes.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Coverity Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Manufacturing Company

32%

Computer Software Company

14%

Financial Services Firm

Government

Healthcare Company

Aerospace/Defense Firm

University

Comms Service Provider

Retailer

Educational Organization

Media Company

Consumer Goods Company

Transportation Company

Construction Company

Non Profit

Real Estate/Law Firm

Energy/Utilities Company

Engineering Company

Wholesaler/Distributor

Insurance Company

Outsourcing Company

Legal Firm

Hospitality Company

Pharma/Biotech Company

Recreational Facilities/Services Company

Performing Arts

Compare Coverity with alternative products

Learn more about Coverity

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.

Coverity was previously known as Synopsys Static Analysis.