We performed a comparison between Checkmarx One and Coverity based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Scan reviews can occur during the development lifecycle."
"We use the solution for dynamic application testing."
"Vulnerability details is valuable."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"The setup is fairly easy. We didn't struggle with the process at all."
"The interface of Coverity is quite good, and it is also easy to use."
"The solution effectively identifies bugs in code."
"This solution is easy to use."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"Coverity is scalable."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The feature I find most valuable is that our entire company can publish the analysis results into our central space."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"We have received some feedback from our customers who are receiving a large number of false positives."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although they could be found across various standard sources, it would save a lot of time for developers if this was fixed."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"Micro-services need to be included in the next release."
"They could work to improve the user interface. Right now, it really is lacking."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"It should be easier to specify your own validation routines and sanitation routines."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now. Some checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"The solution's user interface and quality gate could be improved."
"The setup takes very long."
Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews. Checkmarx One is rated 7.6, while Coverity is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Coverity writes "Best SAST tool to check software quality issues". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Mend.io, whereas Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Veracode and Polyspace Code Prover. See our Checkmarx One vs. Coverity report.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.