Does anyone know of a Coverity vs. IAR's C-STAT head-to-head comparison or review?
I'm looking into different tools. IAR has been used by my company in the past. Higher-ups have shown an interest in Coverity. I'm trying to do a comparative analysis between them.
IAR's C-STAT analysis primarily focuses on MISRA and other compliance checkers. It does have some basic quality checkers. Coverity has a large number of quality and security checkers - the focus for Coverity is finding real bugs as opposed to ensuring you adhere to a coding standard (such as MISRA). Coverity also has excellent inter-procedural analysis and extremely low False Positive rates.
While right now these two tools have very little overlap, Coverity has begun adding compliance checkers and will soon offer the same coding standard coverage while also finding real bugs.
I am admittedly biased - I work on the Coverity product. I do honestly believe, however, that Coverity is the best tool of its kind on the market.