Coverity Scan

“I manage Coverity Scan for the Tesseract OCR project Coverity Scan had be very helpful to find various bugs in the code, but since about a year it no longer allows configuring components for Tesseract OCR. That makes reports less useful.”

“Perfect for our small team of developers . With Coverity we have a good program which supports us .”

“Within minutes we were able to narrow down and fix some significant resource leaks that we were totally unaware even existed. We use Coverity at work now we can use it at home as well!”

“As a large project with a lot of legacy code, Coverity has helped understanding the quality of that code (and confirming/refusing the developers' hunches). And of course it helps keeping quality high for the better maintained parts.”

“Coverity helped me find some issues that were invisible even to Valgrind. It is a valuable tool to add to any C developer's arsenal against the bugs.”

“Coverity Scan helps us find defects in our software - which after ten years of development - are of course still to be found. While it's not perfect, it got us started and interested in fixing more issues and improving the overall stability of our project.”

“Coverity allows use to execute a weekly static analysis on the whole sources and keeps spotting issues that would go unnoticed otherwise. It's also changing the mind of developers to pay more attention about possible NULL dereference and uninitialized values.”

“With Coverity Scan, newer issues when they are getting introduced, are getting jumped on faster than before”

“When run against the CPython code base for the first time, Coverty Scan found several actual bugs and even security issues.”

“Coverity Scan identified the path_in() vulnerability; code inspection led to the rest.”

“The open source tools are good, and improving, but Coverity currently provides a superior experience.”

“Coverity remains the single most useful tool I've used.”

“Coverity is really great and its web GUI is fun to use, too. I was able to identify and fix resource leaks, NULL pointer issues, buffer overflows and missing checks all over the place.”

“If you contribute to an open source project, you should be using Coverity Scan. It will likely find bugs that can certainly have security implications in your code.”

“Coverity points out that we do not free [the memory] in one case and sure enough we forgot.”

“We've run our code through Coverity Scan, and as a result, we've been alerted to potential future security issues within our products. We are grateful to Coverity for this fine service”

“Vulnerability Notifications- We recommend all administrators upgrade immediately. The vulnerability was created in commit. Coverity scan discovered it.”

“For those who have either never used static analysis tools, don't fall into the trap of thinking that gcc-pedantic-Wall or even LLVM's scan-build should be 'good enough for anyone'”

“For more than 2100 issues reported, every issue was inspected, and now all reported issues are resolved.”

“The reports from Coverity are a valuable contribution to - among others - the LibreOffice development process. ”

“Coverity's static source code analysis has proven to be an effective step towards furthering the quality and security of Linux”

“Coverity is a code-analysis tool - an extremely good one, probably at this moment the best in the world.”

“Several other Coverity issues have been resolved and their fixes have made their way into release candidate 7. I've no doubt that Coverity is adding value to our project.”

“Ah, that's cool. Pretty neat that an automated tool can catch mutex lock problems in conditional statements wrapped in macros! I'm impressed.”

“Coverity performs very deep analysis and its results may well surprise you...but rather that than unexpected surprises for your users.”

“You have a very good product and provide a great service to the open source community (certainly to the Linux kernel community).”

“Thank you guys for making such an awesome tool accessible to the open source community!”