We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing remediation guidance in several languages. It helps developers to understand and fix issues.
We liked the integration of SonarQube with our workflows. Also, you can fine-tune the test level. It is easy to use and very visual. We especially like that it displays red and green bars over the code that the test doesn’t cover. It also detects potential dirty code and gives a detailed report with the percentage the test covered. All in all, it is very helpful in code reviews and saves a lot of time.
We found some downsides, too, though. It is not easy to integrate with Jenkins. Also, the setup is time-consuming and a bit complex. Our developers said that sometimes the check rules are too strict, making it difficult to make a new commit.
Coverity is static analysis (SAST) software that helps uncover security and quality code issues early in the software development life cycle. It is a good text editor and helps to debug and analyze the code really fast. It also has a high detection rate. It is easy to integrate Coverity into the I/CD pipeline. It is also helpful in marking false positives.
That being said, the product is relatively new, and it has a few bugs. For instance, the dereferences of NULL pointers. It also takes a lot of time to show results. We found the UI/UX to be cumbersome to use. The price is also a downside.
Conclusion
If you only need a SAST tester, Coverity can be useful. It provides basic functionality and detects issues. If you want a complete solution, then SonarQube is the better choice.
SonarQube Server and Coverity Static are both leading tools in the code analysis market. SonarQube is often preferred for its broad language support and open-source options, whereas Coverity is favored for its strong security features, despite a higher cost.Features:SonarQube Server supports over 20 programming languages and offers extensive integration with CI/CD tools. It includes custom coding rules and a vibrant open-source community that provides features like elastic search, dependency...
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing remediation guidance in several languages. It helps developers to understand and fix issues.
We liked the integration of SonarQube with our workflows. Also, you can fine-tune the test level. It is easy to use and very visual. We especially like that it displays red and green bars over the code that the test doesn’t cover. It also detects potential dirty code and gives a detailed report with the percentage the test covered. All in all, it is very helpful in code reviews and saves a lot of time.
We found some downsides, too, though. It is not easy to integrate with Jenkins. Also, the setup is time-consuming and a bit complex. Our developers said that sometimes the check rules are too strict, making it difficult to make a new commit.
Coverity is static analysis (SAST) software that helps uncover security and quality code issues early in the software development life cycle. It is a good text editor and helps to debug and analyze the code really fast. It also has a high detection rate. It is easy to integrate Coverity into the I/CD pipeline. It is also helpful in marking false positives.
That being said, the product is relatively new, and it has a few bugs. For instance, the dereferences of NULL pointers. It also takes a lot of time to show results. We found the UI/UX to be cumbersome to use. The price is also a downside.
Conclusion
If you only need a SAST tester, Coverity can be useful. It provides basic functionality and detects issues. If you want a complete solution, then SonarQube is the better choice.