
Checkmarx One vs Coverity comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST): 3rd
Average Rating: 7.6
Reviews Sentiment: 6.9
Number of Reviews: 71
Ranking in other categories: Application Security Tools (3rd), Vulnerability Management (24th), Static Code Analysis (3rd), API Security (5th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)

Coverity
Ranking in Static Application Security Testing (SAST): 5th
Average Rating: 7.8
Reviews Sentiment: 6.5
Number of Reviews: 43
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 9.5%, down from 12.7% compared to the previous year. The mindshare of Coverity is 7.2%, up from 6.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes. Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…

Quotes from Members

 

Pros

"It gives the proper code flow of vulnerabilities and the number of occurrences."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The security analysis features are the most valuable features of this solution."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"It provides reports about a lot of potential defects."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis."
"It has the lowest false positives."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"It is a scalable solution."
 

Cons

"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"I would like to see the DAST solution in the future."
"Some were valid and some were not applicable for us based on the scenario."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"The setup takes very long."
"The price is a concern, and there are a lot of false positives coming through."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"We'd like it to be faster."
"The product lacks sufficient customization options."
"The solution could use more rules."
 

Pricing and Cost Advice

"We have purchased an annual license to use this solution. The price is reasonable."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"It's relatively expensive."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"For around 250 users or committers, the cost is approximately $500,000."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"The solution's pricing is comparable to other products."
"The solution is affordable."
"Coverity’s price is on the higher side. It should be lower."
"The tool was fairly priced."
"The price is competitive with other solutions."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"Coverity is very expensive."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."
862,514 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 21%
Computer Software Company: 14%
Manufacturing Company: 10%
Government: 6%

Manufacturing Company: 32%
Computer Software Company: 14%
Financial Services Firm: 7%
Government: 4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
How would you decide between Coverity and SonarQube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
 

Also Known As

No data available
Synopsys Static Analysis
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech
Case Study: Liveperson Implements Innovative Secure SDLC
SAP, Mega International, Thales Alenia Space
Find out what your peers are saying about Checkmarx One vs. Coverity and other solutions. Updated: July 2025.