2021-08-30T12:48:00Z

How would you decide between Coverity and Sonarqube?


1 Answer

Real User
2021-10-28T09:10:01Z

We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing remediation guidance in several languages. It helps developers to understand and fix issues.


We liked the integration of SonarQube with our workflows. Also, you can fine-tune the test level. It is easy to use and very visual. We especially like that it displays red and green bars over the code that the test doesn’t cover. It also detects potential dirty code and gives a detailed report with the percentage the test covered. All in all, it is very helpful in code reviews and saves a lot of time.


We found some downsides, too, though. It is not easy to integrate with Jenkins. Also, the setup is time-consuming and a bit complex. Our developers said that sometimes the check rules are too strict, making it difficult to make a new commit.


Coverity is static analysis (SAST) software that helps uncover security and quality code issues early in the software development life cycle. It is a good text editor and helps to debug and analyze the code really fast. It also has a high detection rate. It is easy to integrate Coverity into the CI/CD pipeline. It is also helpful in marking false positives.


That being said, the product is relatively new, and it has a few bugs. For instance, the dereferences of NULL pointers. It also takes a lot of time to show results. We found the UI/UX to be cumbersome to use. The price is also a downside.


Conclusion


If you only need a SAST tester, Coverity can be useful. It provides basic functionality and detects issues. If you want a complete solution, then SonarQube is the better choice.

Product comparison that may be of interest to you
Coverity vs. SonarQube comparison
We performed a comparison between Coverity and SonarQube based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below. Ease of Deployment: Coverity has a simple deployment process with on-screen instructions, but the total deployment time varies based on the project and integrations. Maintenance is vendor-handled. SonarQube has a straightforward initial setup and automatic deployment, but some database and Java knowledge is...