Try our new research platform with insights from 80,000+ expert users
Coverity Static Logo

Coverity Static pros and cons

Vendor: Black Duck
3.9 out of 5
Leave a review

Pros & Cons summary

Coverity Static excels with low false positives, enhancing vulnerability focus. It boosts productivity through reliable scalability and stability without downtime. Key strengths include Jenkins, Jira integration, and code scanning features. However, the setup is lengthy, usability requires better IDE integration, and reports need robustness. Affordability and user-based licensing are concerns, alongside integration challenges and false positives, especially with zero-day vulnerabilities and systems like Azure DevOps.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Coverity Static effectively reduces false positives, allowing users to focus on genuine vulnerabilities and improve code quality.
It significantly enhances staff productivity, improving work quality by approximately 20%.
The security analysis and capabilities, such as interprocedural analysis, help in identifying critical vulnerabilities and ensuring software security.
The integration with tools like Jenkins and Jira supports seamless continuous integration and issue tracking, making development processes smoother.
Coverity Static is noted for its stability and scalability, ensuring consistent performance without downtime.

CONS

Coverity Static faces challenges with false positives, resulting in wasted time addressing issues that are not actual problems.
Reporting engine and integrations like SCM need significant enhancements to provide more robust and timely feedback.
The setup process is lengthy and complex, requiring improvements in ease of use and integration with developer workflows.
Customizability is limited, particularly in defining custom validation routines and checkers, hindering its adaptability to specific needs.
Coverity Static's pricing and licensing model are concerns, particularly in terms of user-based licenses and line of code restrictions.
 

Coverity Static Pros review quotes

VV
Apr 26, 2024
Coverity integrates with issue-tracking systems like Jira and provides email notifications, alerts, and other features.
Read full review
reviewer1428837 - PeerSpot reviewer
Sep 30, 2020
The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at.
Read full review
VV
Oct 12, 2021
One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited.
Read full review
Buyer's Guide
Coverity Static
September 2025
Free Report: Coverity Static Reviews and More
Learn what your peers think about Coverity Static. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
DOWNLOAD NOW
867,370 professionals have used our research since 2012.
BL
Apr 3, 2024
In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis.
Read full review
Md. Shahriar Hussain - PeerSpot reviewer
May 3, 2024
The reporting feature is up to the mark.
Read full review
AP
Nov 9, 2023
The interface of Coverity is quite good, and it is also easy to use.
Read full review
it_user1316571 - PeerSpot reviewer
Apr 2, 2020
Coverity is quite stable and we haven’t had any issues or any downtime.
Read full review
Yantao Zhao - PeerSpot reviewer
Sep 4, 2019
The features I find most valuable is that our entire company can publish the analysis results into our central space.
Read full review
GR
Jun 23, 2023
Coverity gives advisory and deviation features, which are some of the parts I liked.
Read full review
Arun Dahiphale - PeerSpot reviewer
Feb 20, 2024
The solution has improved our code quality and security very well.
Read full review
Show 10 more reviews (out of 41)
 

Coverity Static Cons review quotes

VV
Apr 26, 2024
Coverity concerns its dashboards and reporting.
Read full review
reviewer1428837 - PeerSpot reviewer
Sep 30, 2020
It should be easier to specify your own validation routines and sanitation routines.
Read full review
VV
Oct 12, 2021
Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker.
Read full review
Buyer's Guide
Coverity Static
September 2025
Free Report: Coverity Static Reviews and More
Learn what your peers think about Coverity Static. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
DOWNLOAD NOW
867,370 professionals have used our research since 2012.
BL
Apr 3, 2024
We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there.
Read full review
Md. Shahriar Hussain - PeerSpot reviewer
May 3, 2024
The reporting tool integration process is sometimes slow.
Read full review
AP
Nov 9, 2023
Coverity takes a lot of time to dereference null pointers.
Read full review
it_user1316571 - PeerSpot reviewer
Apr 2, 2020
I would like to see integration with popular IDEs, such as Eclipse.
Read full review
Yantao Zhao - PeerSpot reviewer
Sep 4, 2019
The setup takes very long.
Read full review
GR
Jun 23, 2023
SCM integration is very poor in Coverity.
Read full review
Arun Dahiphale - PeerSpot reviewer
Feb 20, 2024
It would be great if we could customize the rules to focus on critical issues.
Read full review
Show 10 more reviews (out of 41)

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Coverity Static Logo
SonarQube Server (formerly SonarQube) vs Coverity Static
GitLab vs Coverity Static Logo
GitLab vs Coverity Static
Snyk vs Coverity Static Logo
Snyk vs Coverity Static
Checkmarx One vs Coverity Static Logo
Checkmarx One vs Coverity Static
Veracode vs Coverity Static Logo
Veracode vs Coverity Static
OpenText Core Application Security vs Coverity Static Logo
OpenText Core Application Security vs Coverity Static
OWASP Zap vs Coverity Static Logo
OWASP Zap vs Coverity Static
SonarQube Cloud (formerly SonarCloud) vs Coverity Static Logo
SonarQube Cloud (formerly SonarCloud) vs Coverity Static
Acunetix vs Coverity Static Logo
Acunetix vs Coverity Static
HCL AppScan vs Coverity Static Logo
HCL AppScan vs Coverity Static
PortSwigger Burp Suite Professional vs Coverity Static Logo
PortSwigger Burp Suite Professional vs Coverity Static
Qualys Web Application Scanning vs Coverity Static Logo
Qualys Web Application Scanning vs Coverity Static
Klocwork vs Coverity Static Logo
Klocwork vs Coverity Static
Semgrep vs Coverity Static Logo
Semgrep vs Coverity Static
Invicti vs Coverity Static Logo
Invicti vs Coverity Static
See all alternatives

Product Categories

Product Categories
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Coverity Static Logo
SonarQube Server (formerly SonarQube) vs Coverity Static
GitLab vs Coverity Static Logo
GitLab vs Coverity Static
Snyk vs Coverity Static Logo
Snyk vs Coverity Static
Checkmarx One vs Coverity Static Logo
Checkmarx One vs Coverity Static
Veracode vs Coverity Static Logo
Veracode vs Coverity Static
OpenText Core Application Security vs Coverity Static Logo
OpenText Core Application Security vs Coverity Static
OWASP Zap vs Coverity Static Logo
OWASP Zap vs Coverity Static
SonarQube Cloud (formerly SonarCloud) vs Coverity Static Logo
SonarQube Cloud (formerly SonarCloud) vs Coverity Static
Acunetix vs Coverity Static Logo
Acunetix vs Coverity Static
HCL AppScan vs Coverity Static Logo
HCL AppScan vs Coverity Static
PortSwigger Burp Suite Professional vs Coverity Static Logo
PortSwigger Burp Suite Professional vs Coverity Static
Qualys Web Application Scanning vs Coverity Static Logo
Qualys Web Application Scanning vs Coverity Static
Klocwork vs Coverity Static Logo
Klocwork vs Coverity Static
Semgrep vs Coverity Static Logo
Semgrep vs Coverity Static
Invicti vs Coverity Static Logo
Invicti vs Coverity Static
See all alternatives
Related questions
  • 129
What is the difference between Coverity and SonarQube?
  • 46
What is the biggest difference between Coverity and SonarQube?
  • 697
How would you decide between Coverity and Sonarqube?
  • 8
What Application Security Solution Do You Use That Is DevOps Friendly?
  • 15
Which is the most comprehensive open source Web Security Testing tool?
  • 55
What is the best Application Security Testing platform?
  • 9
When evaluating Application Security Testing, what aspect do you think is the most important to look for?
  • 24
SAST vs. DAST: Which is better for application security testing?
  • 31
What tools do you rely on for building a DevSecOps pipeline?
  • 39
What does the Log4j/Log4Shell vulnerability mean for your company?