Checkmarx vs Coverity comparison

You must select at least 2 products to compare!
Checkmarx Logo
35,146 views|24,005 comparisons
Synopsys Logo
18,944 views|12,427 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Checkmarx and Coverity based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx vs. Coverity Report (Updated: November 2023).
745,341 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The most valuable features of Checkmarx are the automation and information that it provides in the reports.""The only thing I like is that Checkmarx does not need to compile.""The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility.""The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results.""The UI is user-friendly.""The solution has good performance, it is able to compute in 10 to 15 minutes.""The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal.""Apart from software scanning, software composition scanning is valuable."

More Checkmarx Pros →

"It's pretty stable. I rate the stability of Coverity nine out of ten.""The interface of Coverity is quite good, and it is also easy to use.""It's very stable.""I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward.""The product is easy to use.""The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code.""The solution effectively identifies bugs in code.""The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."

More Coverity Pros →

"The plugins for the development environment have room for improvements such as for Android Studio and X code.""Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not.""The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement.""Checkmarx has a slightly difficult compilation with the CI/CD pipeline.""I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side.""The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform.""We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process.""Checkmarx needs to be more scalable for large enterprise companies."

More Checkmarx Cons →

"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues.""The product lacks sufficient customization options.""We'd like it to be faster.""Coverity takes a lot of time to dereference null pointers.""The level of vulnerability that this solution covers could be improved compared to other open source tools.""Sometimes, vulnerabilities remain unidentified even after setting up the rules.""The solution's user interface and quality gate could be improved.""SCM integration is very poor in Coverity."

More Coverity Cons →

Pricing and Cost Advice
  • "We have purchased an annual license to use this solution. The price is reasonable."
  • "We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
  • "The price of Checkmarx could be reduced to match their competitors, it is expensive."
  • "The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
  • "If you want more, you have to pay more. You have to pay for additional modules or functionalities."
  • "Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
  • "I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
  • "The solution is costly."
  • More Checkmarx Pricing and Cost Advice →

  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."
  • "The solution is affordable."
  • "I would rate the pricing a six out of ten, where one is low, and ten is high price."
  • "The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
  • "Coverity’s price is on the higher side. It should be lower."
  • "I would rate the tool's pricing a one out of ten."
  • More Coverity Pricing and Cost Advice →

    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    745,341 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer:The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility.
    Top Answer:The solution's price is high and you pay based on the number of users.
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    Top Answer:I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward.
    Top Answer:The solution has higher pricing. The price should be based on the user count. Suppose there is a ten-user license per pack. However, this could be adjusted to five users if needed.
    Average Words per Review
    Average Words per Review
    Also Known As
    Synopsys Static Analysis
    Learn More

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    Learn more about Checkmarx
    Learn more about Coverity
    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    MStar Semiconductor, Alcatel-Lucent
    Top Industries
    Computer Software Company34%
    Financial Services Firm21%
    Manufacturing Company10%
    Comms Service Provider7%
    Financial Services Firm23%
    Computer Software Company15%
    Manufacturing Company8%
    Insurance Company6%
    Manufacturing Company38%
    Computer Software Company24%
    Comms Service Provider14%
    Manufacturing Company26%
    Computer Software Company16%
    Financial Services Firm7%
    Company Size
    Small Business38%
    Midsize Enterprise14%
    Large Enterprise48%
    Small Business16%
    Midsize Enterprise11%
    Large Enterprise73%
    Small Business15%
    Midsize Enterprise15%
    Large Enterprise70%
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise76%
    Buyer's Guide
    Checkmarx vs. Coverity
    November 2023
    Find out what your peers are saying about Checkmarx vs. Coverity and other solutions. Updated: November 2023.
    745,341 professionals have used our research since 2012.

    Checkmarx is ranked 3rd in Application Security Testing (AST) with 23 reviews while Coverity is ranked 4th in Application Security Testing (AST) with 20 reviews. Checkmarx is rated 7.6, while Coverity is rated 8.0. The top reviewer of Checkmarx writes "Supports different languages, has excellent support, and easily expands". On the other hand, the top reviewer of Coverity writes " A tool to fix bug issues and detect errors with code analysis". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and, whereas Coverity is most compared with SonarQube, Klocwork, Veracode, Fortify on Demand and Polyspace Code Prover. See our Checkmarx vs. Coverity report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.