5 out of 5.0, Reviewed Nov 16, 2016
Product integrated cleanly with all of our different development environments. Server was easy to set up. License management was relatively straightforward. LDAP integration works nicely which is important to us. Support was readily provided, and timely, when integrating with some unusual configurations.
Make good use of their support, it's excellent.
The product is excellent, and is already paying for itself. The after-sales support has been very good.
It does require a fairly grunty PC to run it locally - slows down compilation time substantially for C++. Not unreasonably considering the results.
More licensing options would be nice. There used to be more, but they were simplified to only two models, which didn't fit our organisation terribly well. We worked it out in the end though.
I'd probably evaluate fewer competitors. Retrospectively it was obvious who the biggest players were in this sector.
5 out of 5.0, Reviewed Nov 9, 2016
Excellent sales and technical consulting support teams
Pay attention to security requirements early in the development process.
Develop more standards prior to deployment
5 out of 5.0, Reviewed Oct 19, 2016
Great support, included user training, and after-install review.
It does improve product quality and our users are very satisfied compared to the prior tools.
Costs and license management.
License management, and license costs. We spend too much time worrying about freeing up licenses to ensure they are paying for themselves. Also need to manually disable licenses and compare to AD lists, adding more management tasks.
Integration does not work through firewalls and proxies. We would like to integrate with JIRA but the tools exist in different security zones.
4 out of 5.0, Reviewed Oct 14, 2016
Good support from both Vendor and Technical. Good product. Good documentation. Great staff.
Don't be afraid to dig deep in the potential of Coverity.
Flexible, efficient, great added value.
Lot of hidden features that are not obvious. Training material is lacking.
The structure seems rigid and I have the feeling that selling is the bottom line. Even though the support is great, it feels like that supporting is not the priority.
Involvement of software engineers is important, so I would probably bring in more people to learn the tool.
Competent, fast, reliable.
5 out of 5.0, Reviewed Oct 14, 2016
We have been using Synopsys Codenomicon AppCheck (now called Protecode SC) as an early adopter. It's an innovative tool which provides a quick & straightforward solution to help us address 3rd-party software vulnerabilities and license issues in software integration. It greatly improves the accuracy and agility to cope with the complete product offerings at scale. AppCheck also provides learn ability to add vendor component.
We're happy with service and support which Synopsys team provides.
4 out of 5.0, Reviewed Oct 14, 2016
Coverity is the best static source code analysis tool on the market today for C/C++. They provide a very mature product.
Negotiate the pricing model to be one that isn't based on lines of code or per-user.
The product functionality is world class. It is the best static code analysis tool on the market. It was relatively easy to set up and put into a Jenkins continuous delivery system that provides accurate results daily to our development team.
The licensing model is based on lines of code or per-developer. It should be more flexible to allow a per-use model. They should also add in more platforms like XCode 8 with clang. We are using a Windows only system due to that limitation.
Change their licensing model so that it is more flexible based on usage not per developer on the team or the lines of code in the product. I wish they would also support XCode 8 and the clang compiler on the Mac OS X platform. We would also like to see a mobile offering that covers the Swift programming language.
Negotiate the cost of the overall solution to be lower. Their licensing model is either lines of code (which is not possible for products with as much source code as Adobe), or per-user which isn't the best either given that not all developers use the tool daily. I wish Coverity would provide an alternative licensing model that is based on per-use instead.
Every time Coverity releases a new version of their software, Adobe Photoshop does need to work with their support to ensure it still compiles 100% of the codebase. The quality of their software is generally fantastic, but it could be better.
5 out of 5.0, Reviewed Oct 13, 2016
Synopsys provides a technically excellent product, then backs it up with effective and professional tech support. We can usually resolve any problems using internal resources, but when we reach out to tech support we usually have solutions within 24 hours. Synopsys has been very willing to work with us on suitable licensing terms and has a history of implementing our suggestions for improvements. Improvements in the product are significant from release to release.
Establish an in-house expert or two to help with project deployments. Integrate with Jenkins for rapid detection of issues.
Technical performance is excellent, with high-quality defect detection. False-positive rate is extremely low, which reinforces developer trust. New "developer intent" checkers like copy-paste provide great value. Tech support and field support are outstanding.
Coverity is a very expensive product. Technically, the access control configuration is very flexible but too complicated.
Initial deployment faltered until we put a small team of experts together to help with deployments across many projects. We should have done that sooner.
Tech support is very responsive and typically resolves issues within 24 hours. Field support, when needed, supplies highly experienced people who really have an impact.
5 out of 5.0, Reviewed Oct 13, 2016
They always share the roadmap. I like the fact that they are always forward thinking and very engaging with the customers, e.g. not only providing the happy path but also learning from customer insights. The vendor is very responsive and I think that this is important, especially when it comes to production environments. Additionally, I was surprised that even our account manager understands the technology and secure development lifecycle very well, as opposed to "regular" sales people in the market.
Bring your best hands-on engineer/architect to the POC, as it requires a deep understanding of the tested product.
Seeker - it's an amazing approach to reducing false positives and find REAL exploits in the system. Coverity - it tries to ease the build automation process by integrating with bug tracking systems and its user interface is simple.
Seeker - not straightforward installation. Coverity - while it is integrated with most of the build systems, it isn't integrated with TFS. Additionally, it doesn't support PHP security testing (yet).
Did I mention that my satisfaction rate is 5?
I'd expand the engagement of the engineering teams during the POC process.
Everything is done professionally and in a timely manner.
4 out of 5.0, Reviewed Oct 12, 2016
Coverity brings opportunities for improvements in productivity and quality, helps to achieve business goals and standardizes management processes at reasonable costs. Its wide range of applications allows one-fit-all implementation and relieves the burden of change management while preserving spaces for future enhancements and functionalities. If pluggable checkers, better integrations with issue management systems and more complete analysis on new languages could become official, Coverity would be our sole choice for coming years to assure business objectives.
Change management should be planned ahead. Once Coverity is taken into consideration for mass deployment, you will recognize that sluggishness in an adoption of the new tool may wipe out its feasibilities.
Since we are doing out-sourcing, its capability of supporting a wide range of programming languages and ease of management are the best things among all whistles and bells.
Checkers cannot be extended by incorporating other analysis tools and sometimes, analysis results on new languages are too basic.
Trials could be distributed more freely, either with the limitation of time, user submissions or functionalities.
If there is another chance, Coverity is still among our first considerations. There are debates over functionalities versus pricing, but after all, you will value its ease of management & deployment - in our situation, a tool that fits 90% need of projects is better than 10% of perfection for several cases.
Except for the email integration problem, everything else works as expected.
5 out of 5.0, Reviewed Oct 12, 2016
The overall experience is very good. Local sales staff, solid understanding of the industry, and proven capabilities. No bullshit in the sales phase, to the point and focused effort in the product itself.
Be aware of false positives. The existence of such makes service very hard to integrate into a functional SDL and makes it easier for the teams to reject the service.
Low the number of false positives. Good workflow, very agile support for implementation.
Massive complexity, but required for the complex task at hand. Would love tighter integrations with SDL by default.
More automation, less manual tinkering.
More focus on the mature state of the service when implemented to ensure easy integration with operations when implemented.