Free Coverity Scan Alternatives

Alternatives list

1. 

   

   SonarQube

    28 likes

   SonarQube is an open source quality management platform, dedicated to continuously analyze and measure source code quality, from the portfolio to the method. Static code analysis is available in the "Community Edition" (free / open source) for:

   32 SonarQube alternatives

   Cost / License

   • Freemium
   • Open Source (LGPL-3.0)

   Origin

   • Switzerland

   Platforms

   • Mac
   • Windows
   • Linux
   • Online

   

   More about SonarQube  

   

   C

   Is SonarQube a good alternative to Coverity Scan?

    
2. 

   

   Shellcheck

    5 likes

   A simple tool for finding bugs in shell scripts.

   Cost / License

   • Free
   • Open Source (GPL-3.0)

   Origin

   • Norway

   Platforms

   • Online
   • Visual Studio Code
   • Vim
   • Sublime Text
   • GNU Emacs
   • Atom

   

   More about Shellcheck  

   

   C

   Is Shellcheck a good alternative to Coverity Scan?

    
4. 

   

   Cppcheck

    23 likes

   Cppcheck is an static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect.

   Cost / License

   • Free
   • Open Source (GPL-3.0)

   Origin

   • Sweden
   • EU

   Platforms

   • Windows
   • Linux
   • PortableApps.com
   • Eclipse

   

   More about Cppcheck  

   

   C

   Is Cppcheck a good alternative to Coverity Scan?

    
5. 

   

   SlowQL

    1 like

   SlowQL is a production-focused offline SQL static analyzer that catches security vulnerabilities, performance regressions, reliability issues, compliance risks, cost inefficiencies, and code quality problems before they reach production.

   Cost / License

   • Free
   • Open Source

   Origin

   • Canada

   Platforms

   • Docker
   • Windows
   • Mac
   • Linux

   

   More about SlowQL  

   

   C

   Is SlowQL a good alternative to Coverity Scan?

    
6. 

   

   Flawfinder

    3 likes

   Flawfinder examines C/C++ source code and reports possible security weaknesses ("flaws'') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.

   Cost / License

   • Free
   • Open Source (GPL-2.0)

   Origin

   • United States

   Platforms

   • Windows
   • Linux

   

   C

   Is Flawfinder a good alternative to Coverity Scan?

    
7. S

   S

   Splint

    2 likes

   Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done...

   Cost / License

   • Free
   • Open Source

   Alerts

   • Discontinued

   Platforms

   • Windows
   • Linux

   S

   C

   Is Splint a good alternative to Coverity Scan?

    
9. C

   C

   Clang Static Analyzer

    Like

   The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.

   9 Clang Static Analyzer alternatives

   Cost / License

   • Free
   • Open Source

   Platforms

   • Mac
   • Xcode

   

   

   More about Clang Static Analyzer  

   C

   C

   Is this a good alternative to Coverity Scan?

    
10. 

    

    Infer

     Like

    Facebook Infer is a static analysis tool - if you give Infer some Objective-C, Java, or C code, it produces a list of potential bugs.

    Cost / License

    • Free
    • Open Source

    Origin

    • United States

    Platforms

    • Linux

    

    C

    Is Infer a good alternative to Coverity Scan?

     
11. E

    E

    EDoC++

     Like

    EDoC++ is a C++ source analysis tool designed to identify problems associated with the use of exceptions in C++ code. Additionally EDoC++ can be used to generate detailed documentation

    Cost / License

    • Free
    • Open Source

    Platforms

    • Windows

    E

    C

    Is EDoC++ a good alternative to Coverity Scan?

     
12. 

    

    Semgrep

     Like

    Semgrep is a fast, open-source, static analysis tool that excels at expressing code standards — without complicated queries — and surfacing bugs early at editor, commit, and CI time. Precise rules look like the code you’re searching; no more traversing abstract syntax trees or...

    Cost / License

    • Freemium
    • Open Source (LGPL-2.1)

    Origin

    • United States

    Platforms

    • Mac
    • Windows
    • Linux

    

    C

    Is Semgrep a good alternative to Coverity Scan?

     
13. 

    

    OrchestrAI

     Like

    Go from prototype to production with AI-driven code quality, security, compliance, orchestration, testing and documentation.

    Cost / License

    • Freemium
    • Proprietary

    Platforms

    • Online

    

    

    

    +3

    

    More about OrchestrAI  

    

    C

    Is OrchestrAI a good alternative to Coverity Scan?

     
14. 

    

    Opengrep

     Like

    We’re excited to introduce Opengrep, an open-source static code analysis engine built to ensure code security testing remains truly open and accessible to everyone. 🚀

    27 Opengrep alternatives

    Cost / License

    • Free
    • Open Source (LGPL-2.1)

    Platforms

    • Mac
    • Linux

    

    

    

    +2

    

    More about Opengrep  

    

    C

    Is Opengrep a good alternative to Coverity Scan?