Coverity Scan vs SonarQube

Need advice about which tool to choose?Ask the StackShare community!

Coverity Scan

37
152
+ 1
0
SonarQube

1.3K
1.6K
+ 1
42
Add tool

Coverity Scan vs SonarQube: What are the differences?

Developers describe Coverity Scan as "Find and fix defects in your Java, C/C++ or C# open source project for free". Coverity's implementation of static analysis can follow all the possible paths of execution through source code (including interprocedurally) and find defects and vulnerabilities caused by the conjunction of statements that are not errors independent of each other. On the other hand, SonarQube is detailed as "Continuous Code Quality". SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

Coverity Scan and SonarQube can be categorized as "Code Review" tools.

SonarQube is an open source tool with 3.78K GitHub stars and 1.06K GitHub forks. Here's a link to SonarQube's open source repository on GitHub.

Get Advice from developers at your company using Private StackShare. Sign up for Private StackShare.
Learn More
Pros of Coverity Scan
Pros of SonarQube
    Be the first to leave a pro
    • 22
      Tracks code complexity and smell trends
    • 13
      IDE Integration
    • 7
      Complete code Review

    Sign up to add or upvote prosMake informed product decisions

    Cons of Coverity Scan
    Cons of SonarQube
      Be the first to leave a con
      • 7
        Sales process is long and unfriendly
      • 7
        Paid support is poor, techs arrogant and unhelpful

      Sign up to add or upvote consMake informed product decisions

      - No public GitHub repository available -

      What is Coverity Scan?

      Coverity's implementation of static analysis can follow all the possible paths of execution through source code (including interprocedurally) and find defects and vulnerabilities caused by the conjunction of statements that are not errors independent of each other.

      What is SonarQube?

      SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.

      Need advice about which tool to choose?Ask the StackShare community!

      Jobs that mention Coverity Scan and SonarQube as a desired skillset
      What companies use Coverity Scan?
      What companies use SonarQube?
      See which teams inside your own company are using Coverity Scan or SonarQube.
      Sign up for Private StackShareLearn More

      Sign up to get full access to all the companiesMake informed product decisions

      What tools integrate with Coverity Scan?
      What tools integrate with SonarQube?

      Sign up to get full access to all the tool integrationsMake informed product decisions

      What are some alternatives to Coverity Scan and SonarQube?
      Marvel
      A super simple tool that turns any image (including PSDs) or sketch into interactive prototypes for any device. Powered by Dropbox.
      ESLint
      A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.
      Prettier
      Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary.
      TSLint
      An extensible static analysis tool that checks TypeScript code for readability, maintainability, and functionality errors. It is widely supported across modern editors & build systems and can be customized with your own lint rules, configurations, and formatters.
      Stylelint
      A mighty, modern CSS linter that helps you enforce consistent conventions and avoid errors in your stylesheets.
      See all alternatives