We performed a comparison between Coverity and GitHub Code Scanning based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."Coverity is scalable."
"It has the lowest false positives."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"The security analysis features are the most valuable features of this solution."
"The most valuable feature is the integration with Jenkins."
"The product has deeper scanning capabilities."
"Provides software security, and helps to find potential security bugs or defects."
"The interface of Coverity is quite good, and it is also easy to use."
"We use GitHub Code Scanning mostly for source code management."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"Some features are not performing well, like duplicate detection and switch case situations."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"I would like to see integration with popular IDEs, such as Eclipse."
"GitHub Code Scanning should add more templates."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while GitHub Code Scanning is ranked 20th in Static Application Security Testing (SAST) with 1 review. Coverity is rated 7.8, while GitHub Code Scanning is rated 10.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitHub Code Scanning writes "A highly stable solution that can be used for source code management". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas GitHub Code Scanning is most compared with SonarCloud, SonarQube, Polaris Software Integrity Platform and Veracode.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
