Try our new research platform with insights from 80,000+ expert users

Coverity Static pros and cons

Vendor: Black Duck

3.9 out of 5

43 reviews
89% willing to recommend

Pros & Cons summary

Coverity Static excels with low false positives, enhancing vulnerability focus. It boosts productivity through reliable scalability and stability without downtime. Key strengths include Jenkins, Jira integration, and code scanning features. However, the setup is lengthy, usability requires better IDE integration, and reports need robustness. Affordability and user-based licensing are concerns, alongside integration challenges and false positives, especially with zero-day vulnerabilities and systems like Azure DevOps.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Coverity Static effectively reduces false positives, allowing users to focus on genuine vulnerabilities and improve code quality.

It significantly enhances staff productivity, improving work quality by approximately 20%.

The security analysis and capabilities, such as interprocedural analysis, help in identifying critical vulnerabilities and ensuring software security.

The integration with tools like Jenkins and Jira supports seamless continuous integration and issue tracking, making development processes smoother.

Coverity Static is noted for its stability and scalability, ensuring consistent performance without downtime.

CONS

Coverity Static faces challenges with false positives, resulting in wasted time addressing issues that are not actual problems.

Reporting engine and integrations like SCM need significant enhancements to provide more robust and timely feedback.

The setup process is lengthy and complex, requiring improvements in ease of use and integration with developer workflows.

Customizability is limited, particularly in defining custom validation routines and checkers, hindering its adaptability to specific needs.

Coverity Static's pricing and licensing model are concerns, particularly in terms of user-based licenses and line of code restrictions.

Coverity Static Pros review quotes

VV

Varun Venugopal

Senior Solutions Architect at Telstra

Apr 26, 2024

Coverity integrates with issue-tracking systems like Jira and provides email notifications, alerts, and other features.

Read full review

reviewer1428837

Security Consultant at a tech services company with 11-50 employees

Sep 30, 2020

The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at.

Read full review

VV

Senior Solutions Architect at a computer software company with 11-50 employees

Oct 12, 2021

One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited.

Read full review

Coverity Static

Free Report: Coverity Static Reviews and More

Learn what your peers think about Coverity Static. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.

877,451 professionals have used our research since 2012.

BL

Benoît Labrique

Software Quality Expert at Endress+Hauser AG

Apr 3, 2024

In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis.

Read full review

Md. Shahriar Hussain

Information Security Analyst at Banglalink

May 3, 2024

The reporting feature is up to the mark.

Read full review

AP

Software Developer at KPIT Technologies

Nov 9, 2023

The interface of Coverity is quite good, and it is also easy to use.

Read full review

Automation Practice Leader at a financial services firm with 10,001+ employees

Apr 2, 2020

Coverity is quite stable and we haven’t had any issues or any downtime.

Read full review

Software Integration Engineer at Thales

Sep 4, 2019

The features I find most valuable is that our entire company can publish the analysis results into our central space.

Read full review

GR

Integration Supervisor Lead at Visteon Corporation

Jun 23, 2023

Coverity gives advisory and deviation features, which are some of the parts I liked.

Read full review

Technical Architect at Elastic Care Inc

Feb 20, 2024

The solution has improved our code quality and security very well.

Read full review

Show 10 more reviews (out of 26)

Coverity Static Cons review quotes

VV

Varun Venugopal

Senior Solutions Architect at Telstra

Apr 26, 2024

Coverity concerns its dashboards and reporting.

Read full review

reviewer1428837

Security Consultant at a tech services company with 11-50 employees

Sep 30, 2020

It should be easier to specify your own validation routines and sanitation routines.

Read full review

VV

Senior Solutions Architect at a computer software company with 11-50 employees

Oct 12, 2021

Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker.

Read full review

Coverity Static

Free Report: Coverity Static Reviews and More

Learn what your peers think about Coverity Static. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.

877,451 professionals have used our research since 2012.

BL

Benoît Labrique

Software Quality Expert at Endress+Hauser AG

Apr 3, 2024

We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there.

Read full review

Md. Shahriar Hussain

Information Security Analyst at Banglalink

May 3, 2024

The reporting tool integration process is sometimes slow.

Read full review

AP

Software Developer at KPIT Technologies

Nov 9, 2023

Coverity takes a lot of time to dereference null pointers.

Read full review

Automation Practice Leader at a financial services firm with 10,001+ employees

Apr 2, 2020

I would like to see integration with popular IDEs, such as Eclipse.

Read full review

Software Integration Engineer at Thales

Sep 4, 2019

The setup takes very long.

Read full review

GR

Integration Supervisor Lead at Visteon Corporation

Jun 23, 2023

SCM integration is very poor in Coverity.

Read full review

Technical Architect at Elastic Care Inc

Feb 20, 2024

It would be great if we could customize the rules to focus on critical issues.

Read full review

Show 10 more reviews (out of 26)

Product Categories

Product Categories

Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons

SonarQube vs Coverity Static

Snyk vs Coverity Static

GitLab vs Coverity Static

Checkmarx One vs Coverity Static

Veracode vs Coverity Static

OWASP Zap vs Coverity Static

OpenText Core Application Security vs Coverity Static

Acunetix vs Coverity Static

PortSwigger Burp Suite Professional vs Coverity Static

HCL AppScan vs Coverity Static

Qualys Web Application Scanning vs Coverity Static

GitGuardian Platform vs Coverity Static

Klocwork vs Coverity Static

Semgrep vs Coverity Static

Invicti vs Coverity Static

See all alternatives

Product Categories

Product Categories

Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons

SonarQube vs Coverity Static

Snyk vs Coverity Static

GitLab vs Coverity Static

Checkmarx One vs Coverity Static

Veracode vs Coverity Static

OWASP Zap vs Coverity Static

OpenText Core Application Security vs Coverity Static

Acunetix vs Coverity Static

PortSwigger Burp Suite Professional vs Coverity Static

HCL AppScan vs Coverity Static

Qualys Web Application Scanning vs Coverity Static

GitGuardian Platform vs Coverity Static

Klocwork vs Coverity Static

Semgrep vs Coverity Static

Invicti vs Coverity Static

See all alternatives

Related questions

124

What is the difference between Coverity and SonarQube?

31

What is the biggest difference between Coverity and SonarQube?

498

How would you decide between Coverity and Sonarqube?

9

What Application Security Solution Do You Use That Is DevOps Friendly?

10

Which is the most comprehensive open source Web Security Testing tool?

38

What is the best Application Security Testing platform?

10

When evaluating Application Security Testing, what aspect do you think is the most important to look for?

32

SAST vs. DAST: Which is better for application security testing?

26

What tools do you rely on for building a DevSecOps pipeline?

40

What does the Log4j/Log4Shell vulnerability mean for your company?