Name: Coverity Static Application Security Testing
Rating: 4.4 (156 reviews)

Overview

Product Information on Coverity Static Application Security Testing

Updated 3rd June 2022

What is Coverity Static Application Security Testing?

Coverity® is a fast, accurate, and highly scalable static analysis (SAST) solution that helps development and security teams address security and quality defects in source code early in the software development life cycle (SDLC), track and manage risks across the application portfolio, and ensure compliance with security and coding standards, including: OWASP Top 10, CWE Top 25, PCI DSS, MISRA®, CERT C/C++, CERT Java, DISA STIG, ISO 26262, ISO/IEC TS 17961, and AUTOSAR®. Coverity provides a broad set of security and quality checkers for over 20 languages and 70 frameworks, as well as commonly used infrastructure-as-code (IaC) platforms and file formats. Coverity supports both cloud and on-premises deployment. It supports automated scanning with a wide range of continuous integration (CI) and source code management (SCM) platforms. In addition, static analysis can be performed at the developer desktop when Coverity is used on conjunction with the Code Sight IDE plug-in.

Overall experience with Coverity Static Application Security Testing

IT Manager

1B - 3B USD, Consumer Goods

FAVORABLE

“Solid Software Quality and Support With Occasional Delays in Scanning Speed”

4.0

Feb 25, 2026

Good quality software and very good communication with the support team to address issues.

Security Architect

50M - 250M USD, Software

CRITICAL

“Navigating the Limited Market of Firmware Support Tools”

3.0

May 29, 2024

There are only 3 products in the market that support firmware code and this is one of them. I rated it average because it's not truly exceptional or outstanding. This product is similar to other tools. I'm not feeling very generous so 3 stars is still a thumbs-up.

About Company

Company Description

Black Duck builds trust in software by enabling organizations to manage application security, quality, and compliance risks at the speed their business demands. Black Duck solutions help developers to secure code as fast as they write it, development and DevSecOps teams to automate testing within development pipelines without compromising velocity, and security teams to proactively manage risk and focus remediation efforts on what matters most. With Black Duck, organizations can transform the way they build and deliver software, aligning people, processes, and technology to intelligently address software risks across their portfolio and at all stages of the application lifecycle.

Company Details

Year Founded

2002

Head office location

Burlington, United States

Number of employees

1001 - 5000

Website

https://blackduck.com

Do You Manage Peer Insights at Black Duck?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

Reviewer Insights for: Coverity Static Application Security Testing

Performance of Coverity Static Application Security Testing Across Market Features

Coverity Static Application Security Testing Likes & Dislikes

automation, integration capabilities and compatibility.

Support is good.

The initial set of security rules. When we demonstrate our security capabilities and exercise, especially for customers in specific industries like auto and health, we say weve used Coverity to check if the source code meets MISRA or HIPAA, customers know our effort very quickly, and theres no more negotiation cost. That is what a great product needs, which helps the whole industry to reach an agreement very soon.

Scanning time is sometimes too slow.

UI and False positives. Vendor offers triaging service for extra cost.

The user interface, Coverity's UI is not easy to understand, and the users need some time to get to know this platform. It shall ref the popular consumer products, release a modern version to make the tool easy to use, and up to date. Currently the UX does not match the high reputation it grants.

Top Coverity Static Application Security Testing Alternatives

Peer Discussions

Coverity Static Application Security Testing Reviews and Ratings

Recommended Gartner Insights

1B-10B USD

Consumer Goods

Review Source

Solid Software Quality and Support With Occasional Delays in Scanning Speed

SECURITY & RISK MANAGEMENT

50M-1B USD

Telecommunication

Coverity Simplifies Code Security for Industry Standards but UI Presents Challenges

5.0

Jun 26, 2025

As a well-known source code quality and security detector, Coverity supports individual standards and customized rules. The product supports rapid analysis of source code submissions, which helps the engineer a lot. Coverity's reputation is extremely outstanding, as customers know we pick Coverity as SAST solution, the doubts sharpens down and trust grows up. It also complements with Black Duck, to provide a detailed analysis for end-to-end security detection.

IT SECURITY & RISK MANAGEMENT ASSOCIATE

Banking

Ease of Use and Low False Positives: The Highlight of Coverity

Aug 1, 2024

Low amount of false positives, ease to use and you can integrate it directly with most of CI/CDs

Software

Navigating the Limited Market of Firmware Support Tools

Subject matter expert

Could provide more help in terms of risk management and development mitigations.

2.0

Dec 11, 2023

These are the main drawbacks I've seen: 1) The web interface does not allow you to change the default security risk level associated with the vulnerability. It's quite annoying having to write the modified risk level in the description because then you cannot search for them later. 2) It lacks of a proposed solution. I think it needs to provide at least a generic solution or a curated list of references according to the programming language in which the vulnerability was found. 3) It would nice if they improve their search filters. There are a lot of filters/conditions for searching and would be helpful if you could save previously used search filters.

Overview

Product Information on Coverity Static Application Security Testing

What is Coverity Static Application Security Testing?

Coverity Static Application Security Testing Pricing

Coverity Static Application Security Testing Product Images

Overall experience with Coverity Static Application Security Testing

“Solid Software Quality and Support With Occasional Delays in Scanning Speed”

“Navigating the Limited Market of Firmware Support Tools”

About Company

Company Description

Company Details

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

Reviewer Insights for: Coverity Static Application Security Testing

Performance of Coverity Static Application Security Testing Across Market Features

Coverity Static Application Security Testing Likes & Dislikes

Top Coverity Static Application Security Testing Alternatives

Peer Discussions

Coverity Static Application Security Testing Reviews and Ratings

Recommended Gartner Insights

About Company

Company Description

Company Details

Reviewer Insights for: Coverity Static Application Security Testing

Performance of Coverity Static Application Security Testing Across Market Features

Coverity Static Application Security Testing Likes & Dislikes

Recommended Gartner Insights

Top Coverity Static Application Security Testing Alternatives

Coverity Static Application Security Testing Reviews and Ratings

1. Veracode

2. Checkmarx SAST

3. Fluid Attacks Continuous Hacking

Solid Software Quality and Support With Occasional Delays in Scanning Speed

Coverity Simplifies Code Security for Industry Standards but UI Presents Challenges

Ease of Use and Low False Positives: The Highlight of Coverity

Navigating the Limited Market of Firmware Support Tools

Could provide more help in terms of risk management and development mitigations.

4.4

(156 Ratings)

Rating Distribution

Customer Experience

Product Capabilities