Employee at a computer software company with 11-50 employees
Real User
A scalable and easy-to-use solution that can be easily deployed
Pros and Cons
  • "The product is easy to use."
  • "Sometimes it's a bit hard to figure out how to use the product’s UI."

What is our primary use case?

I use the solution for static analysis.

What is most valuable?

The product has good API documentation. I’m quite happy with it. The product is easy to use.

What needs improvement?

Sometimes it's a bit hard to figure out how to use the product’s UI.

For how long have I used the solution?

I have been using the solution for some years.

Buyer's Guide
Coverity
August 2025
Learn what your peers think about Coverity. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
864,797 professionals have used our research since 2012.

What do I think about the stability of the solution?

I have not faced any issues with the product’s stability.

What do I think about the scalability of the solution?

The solution is scalable. Four people in my organization use the solution.

How was the initial setup?

The initial setup is easy.

What other advice do I have?

I am using the latest version of the product. I have also used Clang Static Analyzer. People planning to use the solution should try the open-source version first to understand how it works. We must have the paid version of the product to get all the resources and documentation. Overall, I rate the product an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

    reviewer1643271 - PeerSpot reviewer
    Vice President at a tech vendor with 1,001-5,000 employees
    Real User
    Static analysis solution that exposes existing and future vulnerabilities
    Pros and Cons
    • "The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
    • "When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."

    What is our primary use case?

    We use this solution to scan our products. We've integrated with our build system and it automatically completes the scanning.

    What is most valuable?

    The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time.

    What needs improvement?

    When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material. They could also integrate a software composition analysis scan. This would make my job a bit easier.

    There is scope for Coverity to look beyond static analysis. Most of the people that I have spoken to use Coverity from a pure static analysis perspective. However, we also need to be able to view dynamic pages and APIs using dynamic scanning and SES scans. Currently we would need to use another solution to be able to do this.

    For how long have I used the solution?

    I have been using this solution for 10 years.

    What do I think about the stability of the solution?

    This is a stable solution.

    What do I think about the scalability of the solution?

    This is a scalable solution.

    How are customer service and support?

    From a support perspective, they are pretty responsive. I would rate them a five out of five. 

    What was our ROI?

    In the last ten years, our company has derived value from using this solution. We continuously evaluate our tech stack and if a better solution came along, we would consider it if it provided more value.

    What's my experience with pricing, setup cost, and licensing?

    This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis. 

    There are other new tools like Veracode, Java Icon and Javascript which are better than Coverity when it comes to visualization. Their cost is significantly lower compared to Synopsys. 

    What other advice do I have?

    Coverity is really good with CC+ and legacy technologies. However, there are other products that are probably as good or even better than Coverity when it comes to Java or cloud applications. 

    If someone were to ask me what tool I would recommend, my answer would depend on what technology they're using and what their use case is. My advice would be based on how they're going to use the product and what they're expecting from the tool.

    I would rate this solution an eight out of ten. 

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.

      Birbal Sain - PeerSpot reviewer
      Software Developer at Altair
      Real User
      Scalable, good for cluster structures, and has helpful technical support
      Pros and Cons
      • "Coverity is scalable."
      • "Coverity is not stable."

      What is our primary use case?

      We are using GK and the latest version for port deployment.

      For how long have I used the solution?

      I have been using Coverity for three and a half years.

      What do I think about the stability of the solution?

      Coverity is not stable but it is sufficient for our organization's requirements.

      What do I think about the scalability of the solution?

      Coverity is scalable.

      How are customer service and support?

      We contacted technical support to help us clean up an issue we had.

      What other advice do I have?

      If they have a cluster structure, then definitely they should use Coverity. I would rate Coverity a nine out of ten.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.

        reviewer1442352 - PeerSpot reviewer
        Director at a manufacturing company with 10,001+ employees
        Real User
        Stable, scalable, and provides reports about a lot of potential defects
        Pros and Cons
        • "It provides reports about a lot of potential defects."
        • "Its price can be improved. Price is always an issue with Synopsys."

        What is our primary use case?

        We use it in our company during product development.

        What is most valuable?

        It provides reports about a lot of potential defects.

        What needs improvement?

        Its price can be improved. Price is always an issue with Synopsys.

        For how long have I used the solution?

        I have been using Coverity for about three or four years.

        What do I think about the stability of the solution?

        It has good stability.

        What do I think about the scalability of the solution?

        Its scalability is good. 

        How are customer service and technical support?

        They are professional and very responsible. They have a local FAE.

        How was the initial setup?

        It is not straightforward, but it is also not too complex. The learning curve needed for installing Coverity is okay.

        What's my experience with pricing, setup cost, and licensing?

        It is expensive.

        What other advice do I have?

        I would recommend this solution if you can afford it. If you have enough budget, it is one of the best solutions right now. There may be other cheaper solutions, but you get what you pay for.

        We have been using Coverity for several years. We would not have continued using it if it was not a good solution. We always have some minor questions or improvements for them, and they always give us a relatively fast response.

        I would rate Coverity a nine out of ten. Only its price should be improved.

        Which deployment model are you using for this solution?

        On-premises
        Disclosure: My company does not have a business relationship with this vendor other than being a customer.

          reviewer1419987 - PeerSpot reviewer
          Senior Technical Specialist at a tech services company with 201-500 employees
          Real User
          Integrates well with Jenkins and GitLab, and has helped us find errors before going into production
          Pros and Cons
          • "The most valuable feature is the integration with Jenkins."
          • "Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."

          What is our primary use case?

          We have a development team and we are using this product for static code analysis.

          How has it helped my organization?

          This product has definitely helped our organization. Based on what I have heard from the development team, they have found a lot of issues before code goes into production.

          What is most valuable?

          The most valuable feature is the integration with Jenkins. Jenkins can be used to automatically run it to perform the code analysis.

          Integration with GitLab is helpful.

          What needs improvement?

          Coverity is too costly, which is why we are trying other tools. Ideally, it would have a user-based license that does not have a restriction in the number of lines of code.

          For how long have I used the solution?

          We have been using Coverity for between five and six years.

          What do I think about the scalability of the solution?

          Coverity is used across our entire organization.

          How was the initial setup?

          The initial setup in the Windows environment was straightforward. However, for Linux, it has some complexity.

          What about the implementation team?

          We have a separate team in the company that takes care of deployment. One person is enough for the task.

          What's my experience with pricing, setup cost, and licensing?

          The licensing fees are based on the number of lines of code. We may not need more than five user licenses but with a restriction on the number of lines of code, for a small company the cost will shoot up.

          Which other solutions did I evaluate?

          Our license for Coverity has expired and we are in the process of exploring new static code analysis tools. Ideally, we would like to have one that is low-cost.

          One of the products that I have downloaded a trial version for is SonarQube. At this point, I have only installed the Windows version but I plan on testing the Linux version, as well.

          What other advice do I have?

          In summary, this is a helpful product and the feedback that I have heard from the development team is good.

          I would rate this solution an eight out of ten.

          Which deployment model are you using for this solution?

          On-premises
          Disclosure: My company has a business relationship with this vendor other than being a customer. Partner

            Yantao Zhao - PeerSpot reviewer
            Software Integration Engineer at Thales
            Real User
            Top 5
            Enables our entire company to publish the analysis results into our central space
            Pros and Cons
            • "The feature I find most valuable is that our entire company can publish the analysis results into our central space."
            • "The setup takes very long."

            What is our primary use case?

            We use Coverity during the software integration phase. We have a lot of components so we use Coverity to build the components, analyze and publish the data into sonar server and that's our work.

            How has it helped my organization?

            Depending on our product's needs, we defined the rule set to check and improve the source code.

            What is most valuable?

            The feature I find most valuable is that our entire company can publish the analysis results into our central space. That allows us to see the latest quality of all components on the sonar web page.

            What needs improvement?

            My personal opinion is that the webpage of the last version of Coverity is not very easy to use. They've made some unnecessary changes and now I can't see all the analysis results or my status from when we started using the solution up to now. Because we have many components on the integration field, it is sometimes hard to find files of one specific component because we use relative paths. When I look at the components, they all look very similar. But that is just my personal opinion.

            I would also like to see a more user-friendly user interface and configuration. I can see the menu on the left but it's a little different from the other tools that I use, but this is perhaps only a personal thing. 

            For how long have I used the solution?

            We have been working on Coverity for about a year and a half.

            What do I think about the stability of the solution?

            Coverity is a very stable solution.

            What do I think about the scalability of the solution?

            I believe the solution is scalable. Sometimes I want to put one component in a certain project, and I need to find what's the best way for us. We have a lot of users using Coverity and we will adapt it into our program. 

            How are customer service and technical support?

            Most of the time I just do some research myself and Google their webpage to see how I can find a solution for my problem. The program has a tools team to help find the solutions. 

            Which solution did I use previously and why did I switch?

            My personal business used other tools that offered sonar language tracking. We used a mix of programs with specific options and some standard gcc options. But last year our team preferred to use more visual tools to follow the whole company's policy. That is why we chose Coverity.

            How was the initial setup?

            We have an administrator for the deployment, so I am only a user. I just added a few projects and streams, and use the data extracted from the compilation, and run the analysis. The setup did take a long time, however.

            What about the implementation team?

            We implement through an in-house tools team.

            What was our ROI?

            I don't care about it so much.

            What's my experience with pricing, setup cost, and licensing?

            For the setup, it's better to adapt the solution from the mature projects.

            Being the end user, I don't care so much about the pricing and licensing.

            Which other solutions did I evaluate?

            Before choosing, we tried to use gcc compiler options, i.e. 

            EXT_GCOV_FLAGS='-fprofile-arcs -ftest-coverage'
            EXT_GCOV_LDFLAGS=-fprofile-arcs
            EXT_CC_FLAGS=-fdiagnostics-show-option
            GCOV_LIB=-lgcov

            What other advice do I have?

            I will suggest that when they use the program for a new project, they should just copy the data from a mature solution to the new project because the setup really takes a long time. We spent a lot of time to set Coverity up because I thought of creating the project in the Coverity server and use Coverity for the sonar part properly. But it took a long time. I will give the solution a 7.5 rating out of ten. When we officially use all the data, it will accumulate more experiences and then we will have different opinions.

            Disclosure: My company does not have a business relationship with this vendor other than being a customer.

              Security Engineer at a comms service provider with 10,001+ employees
              Real User
              Good security analysis features but it should support more languages and the user interface is not user-friendly
              Pros and Cons
              • "The security analysis features are the most valuable features of this solution."
              • "The quality of the code needs improvement."

              What is our primary use case?

              We use the on-premise deployment model of this solution. Our primary use case of this solution is for auditing. 

              What is most valuable?

              The security analysis features are the most valuable features of this solution. 

              What needs improvement?

              The quality of the code needs improvement. They should develop better code.

              The interface, efficiency, and the performance also need improvement as well as the languages that it offers. It should have more language options.

              The user interface is not user-friendly.

              For how long have I used the solution?

              I have been using this solution for around three years.

              What do I think about the stability of the solution?

              It is stable. 

              What do I think about the scalability of the solution?

              We have 30 users licensed for this solution. We use it when we need it. 

              How are customer service and technical support?

              Their technical support isn't so good. That needs improvement. They don't address the problems I bring up. It's not a priority for them. 

              Which solution did I use previously and why did I switch?

              We previously used an open-source solution before Coverity. 

              How was the initial setup?

              The initial setup was easy. The solution is complex to use but not complex to deploy. 

              What about the implementation team?

              We deployed the solution ourselves. 

              What's my experience with pricing, setup cost, and licensing?

              Licensing is on a yearly basis. 

              What other advice do I have?

              I would recommend this solution depending on the language you're using, Java and C++.

              I would rate it a five out of ten. Not a ten because it's not efficient for the language we use. 

              Disclosure: My company does not have a business relationship with this vendor other than being a customer.

                Real User
                It gives advice and training on how to resolve the most common quality issues, but the REST implementation is sub-par

                What is our primary use case?

                • Raising the level of code quality, security, and robustness in the codebase
                • Tracking and addressing code quality issues.

                How has it helped my organization?

                Coverity provides developers with good, best-practice coding advice, and tracks risks of poor coding quality. Coverity reports have urged developers to improve the quality of their code.

                What is most valuable?

                • I like that it gives advice and training on how to resolve the most common quality issues. 
                • Links to more details on each issue and the background and risks.

                What needs improvement?

                • Ability to follow source file s-links into the target location for issuing assignments through GIT.  Our current build environment uses symbolic links into the git repo and Coverity does not follow the link into the actual location of the source file to determine the git author.
                • Single API for all interactions. I am not a fan of using both SOAP and REST APIs and Coverity offers a mix of functionality depending on the interface used. I would greatly prefer a full REST API with improved documentation for all actions including issuing assignments, streaming, and project creation. 

                For how long have I used the solution?

                One to three years.
                Disclosure: My company does not have a business relationship with this vendor other than being a customer.
