We performed a comparison between Coverity and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's very stable."
"Coverity is scalable."
"This solution is easy to use."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"It is a scalable solution."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"We were very comfortable with the initial setup."
"The product has deeper scanning capabilities."
"It is scalable."
"It speeds up our development, it's faster, safer, and more convenient."
"The best thing is that as the developers work on separate tasks, all of the code goes there and the other team members don't have to wait on each other to finish."
"GitLab offers a good interface for doing code reviews between two colleagues."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently."
"I have found the most valuable feature is security control. I also like the branching and cloning software."
"We're only using the basic features of GitLab and haven't used any advanced features. The solution works fine, so that's what we like about GitLab. We're party using GitHub and GitLab. We have a GitHub server, while we use GitLab locally or only within our team, and it works okay. We don't have any significant problems with the solution. We also found the straightforward setup, stability, and scalability of GitLab valuable."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"The tool needs to improve its reporting."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"It should be easier to specify your own validation routines and sanitation routines."
"Some features are not performing well, like duplicate detection and switch case situations."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"The initial setup was quite challenging because it takes some time to understand how to pull out or push the code."
"GitLab's Windows version is yet not available and having this would be an improvement."
"It can be free for commercial use."
"I don't really like the new Kubernetes integration because it is pretty focused on the on-premise environment, but we're in a hybrid environment."
"We would like to generate document pages from the sources."
"We have only seen a couple of issues on Gitlab, which we use for building some of the applications."
"It's more related to the supporting layer of features, such as issue management and issue tracking. We tend to always use, for example, Jira next to it. That doesn't mean that GitLab should build something similar to Jira because that will always have its place, but they could grow a bit in those kinds of supporting features. I see some, for example, covering ITSM on a DevOps team level, and that's one of the things that I and my current client would find really helpful. It's understandably not going to be their main focus and their core, and whenever you are with a company that needs a bit more advanced features on that specific topic, you're probably still going to integrate with another tool like Jira Service Management, for example. However, some basic features on things like that could be really helpful."
"Merge conflicts and repository maintenance could improve. If there is someone new to the system they would not know if there is a conflict."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while GitLab is ranked 8th in Static Application Security Testing (SAST) with 70 reviews. Coverity is rated 7.8, while GitLab is rated 8.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Mend.io, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton. See our Coverity vs. GitLab report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.