
Checkmarx One vs Coverity Static comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Sep 15, 2025


Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST): 3rd
Average Rating: 7.6
Reviews Sentiment: 6.9
Number of Reviews: 71
Ranking in other categories: Application Security Tools (3rd), Vulnerability Management (23rd), Container Security (22nd), Static Code Analysis (3rd), API Security (3rd), Dynamic Application Security Testing (DAST) (4th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)

Coverity Static
Ranking in Static Application Security Testing (SAST): 4th
Average Rating: 7.8
Reviews Sentiment: 6.5
Number of Reviews: 43
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of September 2025, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 9.9%, down from 12.4% the previous year. The mindshare of Coverity Static is 6.3%, down from 7.1% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
Product: Market Share (%)
Checkmarx One: 9.9%
Coverity: 6.3%
Other: 83.8%
 

Featured Reviews

Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes. Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Most valuable features include: ease of use, dashboard, interface and the ability to report."
"The solution allows us to create custom rules for code checks."
"Both automatic and manual code review (CxQL) are valuable."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"We use the solution to validate the source code and do SAST and security analysis."
"Coverity integrates with issue-tracking systems like Jira and provides email notifications, alerts, and other features."
"The security analysis features are the most valuable features of this solution."
"We were very comfortable with the initial setup."
"Coverity provides excellent compliance and other features, which is a very good part."
"Provides software security, and helps to find potential security bugs or defects."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
 

Cons

"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"I would like to see the DAST solution in the future."
"Checkmarx could improve by reducing the price."
"We have received some feedback from our customers who are receiving a large number of false positives."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"The validation process needs to be sped up."
"I had tried integrating the tool with Azure DevOps, but the report I got stated that my team faced many challenges."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"Coverity's implementation cycle is very slow when integrating changes, especially for problems related to event handling and memory leaks."
"Coverity is not stable."
"There is an extra step in my organization that involves uploading to servers, which adds overhead."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now. Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there."
 

Pricing and Cost Advice

"The solution's price is high and you pay based on the number of users."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"It is a good product but a little overpriced."
"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"Coverity is very expensive."
"The solution is affordable."
"I would rate the pricing a six out of ten, where one is low, and ten is high price."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"Coverity is quite expensive."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"I would rate the tool's pricing a one out of ten."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
867,497 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Financial Services Firm: 20%
Computer Software Company: 13%
Manufacturing Company: 10%
Government: 6%

Manufacturing Company: 32%
Computer Software Company: 14%
Financial Services Firm: 6%
Government: 4%
 

Company Size

By reviewers
Company Size: Count
Small Business: 30
Midsize Enterprise: 9
Large Enterprise: 38

By reviewers
Company Size: Count
Small Business: 8
Midsize Enterprise: 6
Large Enterprise: 31
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all-in-one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
How would you decide between Coverity and SonarQube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
 

Also Known As

No data available
Synopsys Static Analysis
 


Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech. Case Study: Liveperson Implements Innovative Secure SDLC
SAP, Mega International, Thales Alenia Space
Find out what your peers are saying about Checkmarx One vs. Coverity Static and other solutions. Updated: September 2025.