• Home
  • Checkmarx One vs. Coverity

Checkmarx One vs Coverity comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo

Checkmarx One

Read 67 Checkmarx One reviews
33,297 views|21,828 comparisons
86% willing to recommend
Synopsys Logo

Coverity

Read 33 Coverity reviews
17,993 views|11,623 comparisons
88% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Checkmarx One vs. Coverity
March 2024
Executive Summary

We performed a comparison between Checkmarx One and Coverity based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx One vs. Coverity Report (Updated: March 2024).
Download the complete report
768,924 professionals have used our research since 2012.
Featured Review
Anonymous User
Responsive support, useful code-checking module, and high availability
Checkmarx detected code sections that did not adhere to best practices. After being informed, the programmers were able to rectify some of the... Read more →
Ruihan Zhu
Researched Checkmarx One but chose Coverity: Identify any flow issues in the code but lacks in some features
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Scan reviews can occur during the development lifecycle.""We use the solution for dynamic application testing.""Vulnerability details is valuable.""The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions).""The reports are very good because they include details on the code level, and make suggestions about how to fix the problems.""The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all.""The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.""The setup is fairly easy. We didn't struggle with the process at all."

More Checkmarx One Pros →

"The interface of Coverity is quite good, and it is also easy to use.""The solution effectively identifies bugs in code.""This solution is easy to use.""The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent.""Coverity is scalable.""I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward.""One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited.""The features I find most valuable is that our entire company can publish the analysis results into our central space."

More Coverity Pros →

Cons
"You can't use it in the continuous delivery pipeline because the scanning takes too much time.""We have received some feedback from our customers who are receiving a large number of false positives.""The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered.""Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed.""I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service.""Micro-services need to be included in the next release.""They could work to improve the user interface. Right now, it really is lacking.""One area for improvement in Checkmarx is pricing, as it's more expensive than other products."

More Checkmarx One Cons →

"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming.""Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better.""It should be easier to specify your own validation routines and sanitation routines.""The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming.""Sometimes it's a bit hard to figure out how to use the product’s UI.""We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues.""The solution's user interface and quality gate could be improved.""The setup takes very long."

More Coverity Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "The price is competitive with other solutions."
  • "It is expensive."
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."

    • More Coverity Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    768,924 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    How would you decide between Coverity and Sonarqube?
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    What do you like most about Coverity?
    Top Answer:The solution has improved our code quality and security very well.
    Read all 23 answers   →
    What is your experience regarding pricing and costs for Coverity?
    Top Answer:The tool was fairly priced.
    Read all 20 answers   →
    Ranking
    3rd
    out of 67 in Application Security Testing (AST)
    Views
    33,297
    Comparisons
    21,828
    Reviews
    21
    Average Words per Review
    513
    Rating
    7.7
    4th
    out of 67 in Application Security Testing (AST)
    Views
    17,993
    Comparisons
    11,623
    Reviews
    22
    Average Words per Review
    382
    Rating
    8.0
    Comparisons
    SonarQube logo
    SonarQube vs. Checkmarx One
    Compared 52% of the time.
    Veracode logo
    Veracode vs. Checkmarx One
    Compared 13% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Checkmarx One
    Compared 6% of the time.
    Snyk logo
    Snyk vs. Checkmarx One
    Compared 4% of the time.
    Mend.io logo
    Mend.io vs. Checkmarx One
    Compared 3% of the time.
    More Checkmarx One Competitors   →
    SonarQube logo
    SonarQube vs. Coverity
    Compared 51% of the time.
    Klocwork logo
    Klocwork vs. Coverity
    Compared 9% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Coverity
    Compared 6% of the time.
    Veracode logo
    Veracode vs. Coverity
    Compared 5% of the time.
    Polyspace Code Prover logo
    Polyspace Code Prover vs. Coverity
    Compared 4% of the time.
    More Coverity Competitors   →
    Also Known As
    Synopsys Static Analysis
    Learn More
    Checkmarx
    Synopsys
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    MStar Semiconductor, Alcatel-Lucent
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Manufacturing Company38%
    Computer Software Company21%
    Comms Service Provider17%
    Retailer8%
    VISITORS READING REVIEWS
    Manufacturing Company28%
    Computer Software Company15%
    Financial Services Firm8%
    Government4%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise11%
    Large Enterprise72%
    REVIEWERS
    Small Business17%
    Midsize Enterprise14%
    Large Enterprise69%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise76%
    Buyer's Guide
    Checkmarx One vs. Coverity
    March 2024
    Free Report: Checkmarx One vs. Coverity
    Find out what your peers are saying about Checkmarx One vs. Coverity and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,924 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews. Checkmarx One is rated 7.6, while Coverity is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Coverity writes "Best SAST tool to check software quality issues". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Mend.io, whereas Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Veracode and Polyspace Code Prover. See our Checkmarx One vs. Coverity report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.