Overall experience is very awesome. It is helping our team to manage the source code along with the desired quality of code.

1. It does more than just verifying and inspecting the source code. 2. Easily detects an issue in source and provides a way to make your code optimized in terms of logic and line of code. 3. It has very promising feature which provides a faster way to debug and analyze the code. 4. The tool is pretty good and it is easy to setup with proper guidelines.

1. Some plugins are getting crashed suddenly which needs to be taken care. 2. Need some more marketing efforts as most of the developers are not known about this tool. 3. Some enhancements in UI will improve user experience. 4. It becomes very slow while dealing with large projects.

We were able to rememdiate quite a handful of security issues in the application.

We used Coverity as a SAST for our .NET, JAVA and JS. Coverity does have a higher detection rate hence we relied heavily on this tool for identifying the vulnerabilities. We had also integrated this Coverity to our CI/CD Pipeline, this helped us easily manage the deployment as well. It provides a mechanism to audit the findings and mark false positives in an effecient way.

Time it takes to scan huge code lines is significantly slower when compared to other tools. Coverity does have a very high number of false positives which at a points gets on the nerves of developers as well as security engineers. There were few vulnerabilities which were not identified by the tool.

Coverity is a powerful and widely respected SAST tool that can help teams to identify and fix security vulnerabilities in their code more efficiently and effectively.

One of the most notable strengths of Coverity is its accuracy in identifying security vulnerabilities in code. It uses advanced static analysis techniques to scan code for a wide range of vulnerabilities, including buffer overflows, memory leaks, and null pointer dereferences.

A potential downside of Coverity is that it can generate a large number of false positives, particularly when scanning complex or legacy codebases. This can make it difficult for development teams to prioritize and address the most critical security vulnerabilities, and may lead to frustration or confusion among team members.

Static code analysis for identifying issues

Very good for embedded development and very effective in detecting hard-to-find bugs. Very low false positive rate. It supports wide variety of platforms and with number of different compilers.

Analysis Result dashboard can be more user friendly. Easy integration with bug tracking tool can add value.

Helps automating code review and improve code quality with no effort. A very responsive user interface, easy to setup and customize, with lots of features and options making it very flexible and adaptable to your needs. I appreciated the fine detection of bugs which have been undetected by competitors' tool.

Documentation and customer support could be improved.

Ease of use, Effective in embedded development, supports cross platform development and compilers. Useful for finding the corner cases and minute bugs

interface and screens can be made simpler and more user interactive in few cases. possibility of customized functions needed