The code coverage feature is very good. Coverity Scan - Find and fix defects in your Java, C/C++ or C# open source project for free. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects. Synopsys Static Analysis helps reduce risk and lower overall project cost by identifying critical quality defects and potential security vulnerabilities during development, with accurate and actionable remediation guidance, based on patented techniques and a decade of research and development and analysis of over 10 billion lines of proprietary and open source code. We asked business professionals to review the solutions they use. Coverity Scan and SonarQube can be categorized as "Code Review" tools. Veracode covers all your Application Security needs in one solution through a combination of five analysis types: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. SonarQube is open-source and Coverity requires a license for production. Coverity is ranked 11th in Application Security with 5 reviews while SonarQube is ranked 1st in Application Security with 18 reviews.


SonarQube rates 4.3/5 stars with 23 reviews. SonarQube - Continuous Code Quality

Coverity rates 4.2/5 stars with 38 reviews. Klocwork is a static code analysis toolkit that detects security, safety, and reliability issues in real time; it works alongside developers to find issues as early as possible, integrates with teams, and supports continuous integration and actionable reporting. SonarQube provides an overview of the overall health of your source code and, even more importantly, highlights issues found in new code. The top reviewer of Coverity writes "Improves security by detecting vulnerabilities in code, but it needs integration with popular development environments". If code coverage is a low number then that's of great value to me. GitCop - Automated Commit Message Validation for GitHub Pull Requests.
SonarQube is good for checking and maintaining code quality. Here are some excerpts of what they said: Researched SonarQube but chose Coverity: Improves security by detecting vulnerabilities in code, but it needs integration with popular development environments