Coverity is the best static code analyzer. It's actually a beast with so many functionalities. It's a must-have tool for all enterprises. I like the following features the most.
- Nice graphical interface.
- Plugins/integration with different code repositories/build frameworks.
- SSO / LDAP integration to log in.
- Not very tough to learn the controls.
- Detailed information for each defect.
- Generation of detailed Coverity reports.
- Ability to filter / control various issues / defects.
The entire Coverity system is not a simple product. You need to spend some time to get used to their controls and all the functionalities. Sometimes, we see a lot of false negatives in the static code analysis. Even after marking some defects as invalid, we still see the same issues again and again.
The main use of Coverity is to do static code analysis. It helps to discover a lot of issues with badly written code (buffer overflows, NULL dereferences, dangling pointers, etc.). This also helps to fix major security issues in the code, which is very, very important in the software development life cycle.