56 Coverity Reviews

Sometimes finds breathtaking C++ out of bounds memory writes. Review collected by and hosted on G2.com.
Little progress since the 2010s; languages other than C/C++ extremely weak. Useless support since takeover by Synopsys. Review collected by and hosted on G2.com.

A good text editor does more than just inspect and verify one programming language. A text editor that doesn’t have much in the way of language support can be the greatest app the world has ever seen and still be wrong for your needs if you don’t code in one of the languages it understands. Your dream editor should be able to work with many languages without reduced functionality. An easy-to-use, fully customizable editor. Some of its customizations include debugging and compiling features through extensions and plug-ins. Best of all. In general, it's great when you have the time to set it up right, and not as good when you want to get moving quickly without a lot of configuration. Review collected by and hosted on G2.com.
Everything is OK, but the project is not famous yet, but I think it will be resolved soon. Also, some plugins crash randomly. Sometimes it becomes slow when working on multiple files and the syntax highlighting for some languages is missing. Depending on your previous workspace, it can open with two panes and a welcome tab in each, requiring you to close lots of cruft on startup. Review collected by and hosted on G2.com.

I love the feature how the Coverity tool by Synopsys can detect issues in the code and thus provides a way to make your code way more optimized. Review collected by and hosted on G2.com.
I dislike that sometimes there are false positive issues for which there is no perfect fix, but Coverity indicates it as a bug. But there is always a way to declare that false positive and it's good enough. Review collected by and hosted on G2.com.
It has very capable and promising features which allow a user to debug and analyze the code for faster run times. I have used this tool in my project.
The quality of product support is awesome, they actually helped me a lot, which reduces time and effort, and makes my code best. Review collected by and hosted on G2.com.
It has some bugs to fix but can find the solutions for it because of their product support. Review collected by and hosted on G2.com.
We use the Coverity Static Analysis tool for security scans of C/C++ server code.
Coverity has a higher detection rate, as we highly rely on this code scan for our application code.
We had seamlessly integrated this SAST tool (Coverity) into our CI/CD pipeline and the vulnerabilities were being notified to the respective developer via mail.
It provides a mechanism to audit the findings and mark false positives in an efficient way.
Support for several languages is another factor that stands out well when compared to other tools.
The time it takes to scan huge code lines is significantly faster compared to other tools. Review collected by and hosted on G2.com.
However, there are some improvement points which I thought I should highlight to make this tool even better for the end users.
strzcpy vs. NULL_STRING
Coverity does not recognize that strzcpy adds a terminating \x00.
ab_pfetch*
On Windows we currently have many OVERRUN false positives.
bsearch on fixed width table vs. Literal
Coverity’s model for bsearch assumes that bsearch accesses the key on the full width of the key. If bsearch is given a fixed (max) size table, and say strcmp as compare function, then in reality when bsearch is called with a small literal as key, then all is good. Alas, Coverity thinks that bsearch will read beyond the end of the literal, even though strcmp will not.
NO_EFFECT on var_arg
On Windows we currently have a NO_EFFECT warning on all uses of va_args.
TAINTED_SCALAR
Coverity to warn for uses of tainted data, data that might be controlled by an attacker. This may lead to data corruption, code injection,...
When possible Coverity reports additional defects describing the dangerous use of the tainted data INTEGER_OVERFLOW.
RW.LITERAL_OPERATOR_NOT_FOUND on printf with TEL_Format
When using TEL-defined formats such as TEL_Flpu, TEL_Fsu, TEL_Fpid, ... Coverity sometimes requires a space before the 'T' from TEL_Fxxx.
TAINTED_STRING
Coverity to warn for uses of tainted data, data that might be controlled by an attacker. This may lead to data corruption, code injection, SQL injection, directory traversal,
PW.PRINTF_ARG_MISMATCH - * precision or * size vs. size_t or ptrdiff_t parameters
64-bit builds or scans - The C Standard states that the * precision or size are of type int. This is generally 4 bytes. On 64-bit builds size_t and ptrdiff_t are 8 bytes.
If I had submitted a fix yesterday, today’s Coverity Connect continues to report the defect. Review collected by and hosted on G2.com.
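The bsearch situation described in the review above, as an added example that is not the reviewer's or Coverity's code: a fixed-width table searched with strcmp and a short literal key. The table contents, `NAME_WIDTH` and both function names are constructed, and `lookup_padded` is a hypothetical rework that assumes a key object as wide as a table element is what a full-width key model expects.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_WIDTH 16  /* constructed: fixed (max) width of one table entry */

/* Constructed sample table, sorted in strcmp order; each element is NAME_WIDTH bytes. */
static const char names[][NAME_WIDTH] = { "alpha", "bravo", "charlie", "delta", "echo" };
#define NAME_COUNT (sizeof names / sizeof names[0])

/* strcmp stops at the first NUL, so it reads strlen(key) + 1 bytes of the key at most. */
static int cmp_name(const void *key, const void *elem)
{
    return strcmp((const char *)key, (const char *)elem);
}

/* Pattern from the review: a short literal passed directly as the bsearch key. */
int lookup_literal(const char *key)
{
    const char (*hit)[NAME_WIDTH] = bsearch(key, names, NAME_COUNT, NAME_WIDTH, cmp_name);
    return hit ? (int)(hit - names) : -1;
}

/* Hypothetical rework: copy the key into a zero-filled NAME_WIDTH buffer so the key
 * object is as wide as a table element; keys that cannot fit are rejected up front. */
int lookup_padded(const char *key)
{
    char buf[NAME_WIDTH] = {0};
    size_t len = strlen(key);
    if (len >= NAME_WIDTH)
        return -1;
    memcpy(buf, key, len);
    const char (*hit)[NAME_WIDTH] = bsearch(buf, names, NAME_COUNT, NAME_WIDTH, cmp_name);
    return hit ? (int)(hit - names) : -1;
}

int main(void)
{
    printf("%d %d %d\n", lookup_literal("echo"), lookup_padded("echo"), lookup_literal("zulu"));
    return 0;
}
```

Both lookups return the same index for every key that fits; the padded variant additionally refuses keys of `NAME_WIDTH` characters or more instead of searching for them.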

helps development and security teams address security and quality defects early in the software development life cycle (SDLC),
The best thing about Coverity is that it is highly accurate, supports thousands of developers, and quickly analyzes large projects exceeding 100 million lines of code. Review collected by and hosted on G2.com.
A few pointers that definitely need improvement would be resource leaks, dereferences of NULL pointers, and incorrect usage of APIs. Review collected by and hosted on G2.com.

Its user-friendly UI. It is easy to browse code using Coverity and it also briefly describes the issue. Review collected by and hosted on G2.com.
I was facing issues in categorising the Coverity issues. Review collected by and hosted on G2.com.

It is easy to use the tool. And helps to find any issue that is overlooked in manual review. Review collected by and hosted on G2.com.
The tool is pretty good. It is easy to set up with proper guidelines. Review collected by and hosted on G2.com.

Excellent User Interface and server-side features. The Coverity support team is also very responsive. Review collected by and hosted on G2.com.
I did not find any such attribute during my experience. Review collected by and hosted on G2.com.