Github user jdanekrh commented on the pull request:
There are ways. Suppressions can be provided, in multiple ways (special
form commits in source, or what Coverity calls "modeling files"), the daily
report e-mail could be copied to project mailinglist for quick triage, ...
FindBugs/SpotBugs can be executed locally on dev machines.
There is fairly massive backlog of things in Coverity already (over 1000
items) and that can be used to get an idea of things it flags and to estimate
future false positive rate.