Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Coverity comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (24th), Static Code Analysis (3rd), API Security (5th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)
Coverity
Ranking in Static Application Security Testing (SAST)
5th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 9.5%, down from 12.7% compared to the previous year. The mindshare of Coverity is 7.2%, up from 6.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"We use the solution for dynamic application testing."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"Helps us check vulnerabilities in our SAP Fiori application."
"The setup is fairly easy. We didn't struggle with the process at all."
"It shows in-depth code of where actual vulnerabilities are."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"Provides software security, and helps to find potential security bugs or defects."
"Coverity is scalable."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"Coverity provides excellent compliance and other features, which is a very good part."
"The solution effectively identifies bugs in code."
"The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis."
 

Cons

"We can run only one project at a time."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"I would like to see the rate of false positives reduced."
"I would like to see the tool’s pricing improved."
"The Dynamic Application Security Testing (DAST) feature should be better."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"We have received some feedback from our customers who are receiving a large number of false positives."
"SCM integration is very poor in Coverity."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"There is an extra step in my organization that involves uploading to servers, which adds overhead."
"I had tried integrating the tool with Azure DevOps, but the report I got stated that my team faced many challenges."
"Reporting engine needs to be more robust."
"Some features are not performing well, like duplicate detection and switch case situations."
"The solution's user interface and quality gate could be improved."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
 

Pricing and Cost Advice

"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"The solution's price is high and you pay based on the number of users."
"For around 250 users or committers, the cost is approximately $500,000."
"It's relatively expensive."
"The solution is costly."
"It is the right price for quality delivery."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"The price is competitive with other solutions."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"The solution's pricing is comparable to other products."
"Coverity is quite expensive."
"I would rate the tool's pricing a one out of ten."
"The pricing is on the expensive side, and we are paying for a couple of items."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
862,514 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
6%
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
7%
Government
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
 

Also Known As

No data available
Synopsys Static Analysis
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
SAP, Mega International, Thales Alenia Space
Find out what your peers are saying about Checkmarx One vs. Coverity and other solutions. Updated: July 2025.
862,514 professionals have used our research since 2012.