TrustRadius

SonarQube for IDE vs. Coverity Static Analysis (SAST)

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
SonarQube for IDE
Score 8.3 out of 10
N/A
SonarQube for IDE is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time. Like a spell checker, SonarLint detects Bugs, code smells, and Security Vulnerabilities as code is written, and offers guidance.
$0
Synopsys Coverity
Score 8.3 out of 10
N/A
Synopsys offers the Coverity static application security testing (SAST) solution, to help users build software that’s more secure, higher-quality, and compliant with standards.N/A
Pricing
SonarQube for IDECoverity Static Analysis (SAST)
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
SonarQube for IDESynopsys Coverity
Free Trial
YesNo
Free/Freemium Version
YesNo
Premium Consulting/Integration Services
NoYes
Entry-level Setup FeeNo setup feeOptional
Additional DetailsContact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
More Pricing Information
Community Pulse
SonarQube for IDECoverity Static Analysis (SAST)
Best Alternatives
SonarQube for IDECoverity Static Analysis (SAST)
Small Businesses
Microsoft Visual Studio Code
Microsoft Visual Studio Code
Score 9.3 out of 10
GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Microsoft Visual Studio Code
Microsoft Visual Studio Code
Score 9.3 out of 10
Veracode
Veracode
Score 8.9 out of 10
Enterprises
Microsoft Visual Studio Code
Microsoft Visual Studio Code
Score 9.3 out of 10
Veracode
Veracode
Score 8.9 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
SonarQube for IDECoverity Static Analysis (SAST)
Likelihood to Recommend
8.0
(1 ratings)
9.0
(1 ratings)
User Testimonials
SonarQube for IDECoverity Static Analysis (SAST)
Likelihood to Recommend
Sonar
No answers on this topic
Synopsys
Best suits for large scale and dynamic development environment. It may be best tool if you want to release your apps with less TAT. However if you have a CRM tool which is COTS product it can offer little help. Even then you should be familiar with what features of Coverity Static Analysis (SAST) are helpful for your development environment
Rahul Deshmukh | TrustRadius Reviewer
Rahul Deshmukh
Security Solutions Architect
Read full review
Pros
Sonar
  • SonarLint highlights all the issues in our codes and also displays the severity of each issue.
  • SonarLint also provides suggestions for how to fix those code issues which are highlighted.
  • SonarLint starts the processing of the file as soon as it is opened and highlights all the issues which it found.
  • When we fix the issue, we don't even need to create a new build or generate fresh code quality report, as soon as we save the file with the changes, it does the processing again and shows the result if the issue is fixed or not.
  • SonarLint saves a lot of time and effort by saving us from doing fresh build every time and generating new code quality report every time, thus increasing the efficiency and output which is in return beneficial for the client.
SJ
shaurya jain
digital tech developer associate
Read full review
Synopsys
  • It can provide security scanning dashboard
  • Help detect vulnerabilities and recommend remediation
  • Integration of devsecops helps speed up release cycles
Rahul Deshmukh | TrustRadius Reviewer
Rahul Deshmukh
Security Solutions Architect
Read full review
Cons
Sonar
  • Sometimes, SonarLint does not highlight the issues in the code correctly.
  • The severity of the issues highlighted is according to the default rules set, we should also be given authority to set the severity of the issues.
  • The default fixes which SonarLint provides should be more enhanced and there should be more fixes available.
  • Sometimes it takes a lot of time for processing of the file when any new file is loaded or changes are saved in a file.
SJ
shaurya jain
digital tech developer associate
Read full review
Synopsys
  • Coverage of integration with other security tools can be improved
  • Customisation of dashboard to enable customer choice of tracking
  • Showcase devsecops progressive tasks from SLA and violation from code scanner perspective
Rahul Deshmukh | TrustRadius Reviewer
Rahul Deshmukh
Security Solutions Architect
Read full review
Alternatives Considered
Sonar
SonarLint works along with SonarQube
SJ
shaurya jain
digital tech developer associate
Read full review
Synopsys
Coverity Static Analysis (SAST) has wide coverage in terms of Owasp Top 10 vulnerabilities, various types of languages, backward integration. While other tools offer similar experience of code scanning, coverity helps in pointed recommendations for quick closure of vulnerabilities. The historical analysis of vulnerabilities is a good value add in understanding which type of code and which language is better in improving cyber security maturity.
Rahul Deshmukh | TrustRadius Reviewer
Rahul Deshmukh
Security Solutions Architect
Read full review
Return on Investment
Sonar
  • SonarLint helps in achieving all the business requirements in a more efficient way.
  • It reduces the manual and redundant work which we would have to do else every time if we did not use SonarLint.
  • SonarLint helps in maintaining code quality, and thus also highlights the loopholes for the cyber attacks and phishing attacks.
  • SonarLint makes work easy and helps the developer to invest less time in manual work thereby increasing their capacity to deliver the maximum output to the client.
SJ
shaurya jain
digital tech developer associate
Read full review
Synopsys
  • Helped reduce efforts of development team avoiding rework
  • Increased security maturity
  • Increased efficiency of the teams
Rahul Deshmukh | TrustRadius Reviewer
Rahul Deshmukh
Security Solutions Architect
Read full review
ScreenShots

SonarQube for IDE Screenshots

Screenshot of where SonarQube for IDE identifies and highlights issues in a Java project within VS Code. It also explains why this is an issue, how to fix it, and offers more educational content to help developers grow. SonarLint uncovers issues in over 30 languages, frameworks and IaC platforms. SonarLint is available for VS Code, Visual Studio, Eclipse and JetBrains IDEs.Screenshot of how when connected to either SonarCloud or SonarQube the developer can leverage SonarQube for IDE to identify complex bugs, share code quality expectations with their team, perform deeper issue analysis, enjoy smart notifications, and unlock additional language analysis opportunities. Connecting is easy and guided for a rapid setup, as seen here in the image.

Synopsys Coverity Screenshots

Screenshot of Coverity works with the Code Sight™ IDE plugin, enabling developers to find and fix security and quality defects as they write code.Screenshot of Coverity provides broad security and quality checker support for 21 languages and over 70 frameworks.