We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing remediation guidance in several languages. It helps developers to understand and fix issues.
We liked the integration of SonarQube with our workflows. Also, you can fine-tune the test level. It is easy to use and very visual. We especially like that it displays red and green bars over the code that the test doesn’t cover. It also detects potential dirty code and gives a detailed report with the percentage the test covered. All in all, it is very helpful in code reviews and saves a lot of time.
We found some downsides, too, though. It is not easy to integrate with Jenkins. Also, the setup is time-consuming and a bit complex. Our developers said that sometimes the check rules are too strict, making it difficult to make a new commit.
Coverity is static analysis (SAST) software that helps uncover security and quality code issues early in the software development life cycle. It is a good text editor and helps to debug and analyze the code really fast. It also has a high detection rate. It is easy to integrate Coverity into the CI/CD pipeline. It is also helpful in marking false positives.
That being said, the product is relatively new, and it has a few bugs. For instance, the dereferences of NULL pointers. It also takes a lot of time to show results. We found the UI/UX to be cumbersome to use. The price is also a downside.
Conclusion
If you only need a SAST tester, Coverity can be useful. It provides basic functionality and detects issues. If you want a complete solution, then SonarQube is the better choice.
SonarQube Server and Coverity are prominent tools in the code analysis and quality assurance category. SonarQube seems to have the upper hand due to its cost-effectiveness and flexibility, whereas Coverity offers robust security solutions at a higher price.
Features: SonarQube Server provides diverse language support, integration capabilities, and custom coding rules, ideal for project managers seeking a versatile tool. It supports over 20 programming languages and offers rich graphical...