Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Coverity comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (23rd), Container Security (22nd), Static Code Analysis (3rd), API Security (3rd), Dynamic Application Security Testing (DAST) (4th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)
Coverity
Ranking in Static Application Security Testing (SAST)
4th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of September 2025, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 9.9%, down from 12.4% compared to the previous year. The mindshare of Coverity is 6.3%, down from 7.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Checkmarx One9.9%
Coverity6.3%
Other83.8%
Static Application Security Testing (SAST)
 

Featured Reviews

Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The user interface is excellent. It's very user friendly."
"The report function is the solution's greatest asset."
"I have seen a return on investment from Checkmarx One."
"The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."
"The SAST component was absolutely 100% stable."
"Scan reviews can occur during the development lifecycle."
"The most valuable feature for me is the Jenkins Plugin."
"Our static operation security has been able to identify more security issues since implementing this solution."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"It is a scalable solution."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"Coverity is easy to use and easy to integrate with CI."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"Coverity is easy to use and easy to integrate with CI."
 

Cons

"Micro-services need to be included in the next release."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"Meta data is always needed."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"Updating and debugging of queries is not very convenient."
"Implementing a blackout time for any user or teams: Needs improvement."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"The setup takes very long."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"The solution needs to improve its false positives."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"There is an extra step in my organization that involves uploading to servers, which adds overhead."
 

Pricing and Cost Advice

"It is an expensive solution."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"It is the right price for quality delivery."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"I would rate the pricing a six out of ten, where one is low, and ten is high price."
"The solution's pricing is comparable to other products."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"The solution is affordable."
"It is expensive."
"Coverity is very expensive."
"Coverity’s price is on the higher side. It should be lower."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
867,341 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
6%
Government
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise9
Large Enterprise38
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise6
Large Enterprise31
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
 

Also Known As

No data available
Synopsys Static Analysis
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
SAP, Mega International, Thales Alenia Space
Find out what your peers are saying about Checkmarx One vs. Coverity and other solutions. Updated: September 2025.
867,341 professionals have used our research since 2012.