Checkmarx vs Coverity comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
41,786 views|29,769 comparisons
Synopsys Logo
21,915 views|15,108 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Checkmarx and Coverity based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx vs. Coverity Report (Updated: May 2023).
706,951 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable features of Checkmarx are the automation and information that it provides in the reports.""It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx.""The report function is the solution's greatest asset.""The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful.""The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal.""The only thing I like is that Checkmarx does not need to compile.""The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera.""The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."

More Checkmarx Pros →

"Provides software security, and helps to find potential security bugs or defects.""I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be.""The solution effectively identifies bugs in code.""The app analysis is the most valuable feature as I know other solutions don't have that.""We were very comfortable with the initial setup.""It's very stable.""The product is easy to use.""This solution is easy to use."

More Coverity Pros →

Cons
"Checkmarx could improve by reducing the price.""Checkmarx could improve the speed of the scans.""Checkmarx has a slightly difficult compilation with the CI/CD pipeline.""Its user interface could be improved and made more friendly.""The plugins for the development environment have room for improvements such as for Android Studio and X code.""The solution sometimes reports a false auditable code or false positive.""Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities.""They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."

More Checkmarx Cons →

"Sometimes it's a bit hard to figure out how to use the product’s UI.""We'd like it to be faster.""Some features are not performing well, like duplicate detection and switch case situations.""The product lacks sufficient customization options.""We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system.""When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material.""The level of vulnerability that this solution covers could be improved compared to other open source tools.""The solution could use more rules."

More Coverity Cons →

Pricing and Cost Advice
  • "It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
  • "Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
  • "We have purchased an annual license to use this solution. The price is reasonable."
  • "We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
  • "The price of Checkmarx could be reduced to match their competitors, it is expensive."
  • "The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
  • "If you want more, you have to pay more. You have to pay for additional modules or functionalities."
  • "Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
  • More Checkmarx Pricing and Cost Advice →

  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."
  • More Coverity Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    706,951 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer:JaeLee, check out our comparison page hereof Veracode vs Checkmarx: https://www.itcentralstation.c... Checkmarx is ranked 4th, while Veracode is ranked 1st with 39 reviews. Checkmarx is rated 8.0,… more »
    Top Answer:SonarQube historically was focused on Code Quality and Best Practices. Recently the enterprise and data center versions provide some security vulnerabilities detection with OWASP compliance. This is… more »
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    Top Answer:We use the yearly-based license. I would rate the pricing a three out of ten, where one is very expensive, and ten is not expensive at all.
    Ranking
    Views
    41,786
    Comparisons
    29,769
    Reviews
    20
    Average Words per Review
    419
    Rating
    7.7
    Views
    21,915
    Comparisons
    15,108
    Reviews
    9
    Average Words per Review
    445
    Rating
    7.8
    Comparisons
    Also Known As
    Synopsys Static Analysis
    Learn More
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    Offer
    Learn more about Checkmarx
    Learn more about Coverity
    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    MStar Semiconductor, Alcatel-Lucent
    Top Industries
    REVIEWERS
    Computer Software Company36%
    Financial Services Firm21%
    Manufacturing Company11%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Financial Services Firm22%
    Computer Software Company17%
    Manufacturing Company7%
    Insurance Company6%
    REVIEWERS
    Manufacturing Company31%
    Computer Software Company25%
    Comms Service Provider19%
    Media Company6%
    VISITORS READING REVIEWS
    Manufacturing Company23%
    Computer Software Company18%
    Financial Services Firm7%
    Government5%
    Company Size
    REVIEWERS
    Small Business36%
    Midsize Enterprise15%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise75%
    REVIEWERS
    Small Business16%
    Midsize Enterprise12%
    Large Enterprise72%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise75%
    Buyer's Guide
    Checkmarx vs. Coverity
    May 2023
    Find out what your peers are saying about Checkmarx vs. Coverity and other solutions. Updated: May 2023.
    706,951 professionals have used our research since 2012.

    Checkmarx is ranked 4th in Application Security Testing (AST) with 23 reviews while Coverity is ranked 9th in Application Security Testing (AST) with 14 reviews. Checkmarx is rated 7.6, while Coverity is rated 7.6. The top reviewer of Checkmarx writes "Supports different languages, has excellent support, and easily expands". On the other hand, the top reviewer of Coverity writes "Broad integration capacity and works with more languages than some competitors". Checkmarx is most compared with SonarQube, Veracode, Snyk, Micro Focus Fortify on Demand and Mend.io, whereas Coverity is most compared with SonarQube, Klocwork, Veracode, Micro Focus Fortify on Demand and Fortify Application Defender. See our Checkmarx vs. Coverity report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.