Coverity vs SonarQube

Coverity vs SonarQube

Coverity ： Security analysis tool

SonarQube：Development Code Quality analysis tool

Feature	Coverity	SonarQube
Analysis	Low false positive ratio Ability to eliminate false positives Provides a Security Issues view Provides a High Impact Issues view Supports auto assignment of new issues via SCM Supports auto generation of email notifications for new, dismissed, or assigned issues Detects memory issues Detects concurrent issues Provides OWASP Top 10 & SANS Top 25 views Ranks issues based on impact Can exclude certain paths from analysis Marks a baseline Detects dead code Detects buffer overflows / underuns Detects deadlocks Shows the code execution path for a finding	Provides a High Impact Issues view Supports auto assignment of new issues via SCM Supports auto generation of email notifications for new, dismissed, or assigned issues Detects memory issues Detects concurrent issues Provides OWASP Top 10 & SANS Top 25 views Ranks issues based on impact Can exclude certain paths from analysis
IDEs support	Android Studio Eclipse IBM Rational Team Concert IntelliJ IDEA, WebStorm, RubyMine, PhpStorm, PyCharm MS Visual Studio QNX Momentics Team Foundation Server Wind River Workbench Jenkins	Eclipse IntelliJ IDEA MS Visual Studio VS Code Atom
Supported Languages	https://www.synopsys.com/content/dam/synopsys/sig-assets/datasheets/SAST-Coverity-datasheet.pdf (pages 3-4)	Static Code Inspection & Code Analysis Tools | SonarQube
Supported Frameworks	https://www.synopsys.com/content/dam/synopsys/sig-assets/datasheets/SAST-Coverity-datasheet.pdf (page 3)	N/A
Compilers	ARM C/C++ Borland C++ CEVA-XC4500 Clang Cosmic C Freescale CodeWarrior GNU GCC/G++ Green Hills C/C++/EC++ HI-TECH PICC HP aCC IAR C/C++ IBM AIX IBM XLC Intel C++ JDK for Mac OS X Keil compilers Marvell MSA MPLAB XC8 OpenJDK QNX C/C++ Renesas C/C++ SNC C/C++ SNC GNU C/C++ Sony ORBIS SDK Sony PS4 STMicroelectronics GNU C/C++ STMicroelectronics ST Micro C/C++ Sun (Oracle) CC Sun/Oracle JDK Synopsys MetaWare C and C++ TASKING for ARM Cortex TI Code Composer Visual Studio VisualDSP++ Wind River C/C++ (This list is not exclusive)	Any version of CLang, GCC and Microsoft C/C++ compilers  Any version of Intel compiler for Linux and OS X  ARM5 and ARM6 compilers  IAR compiler for ARM, Renesas RL78, Renesas RX, Renesas V850, Texas Instruments MSP430 and for 8051  Compilers based wholly on GCC including for instance Linaro GCC and WindRiver GCC are also supported JDK/JRE 8, 9, 10 MSBuild 14+
Checkers & Rules	https://coverity-qa.swtools.honeywell.com/doc/en/cov_checker_ref.html#issues_by_checker	https://sonarqube.honeywell.com/coding_rules