We performed a comparison between Checkmarx and Coverity based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The report function is the solution's greatest asset."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The only thing I like is that Checkmarx does not need to compile."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"Provides software security, and helps to find potential security bugs or defects."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The solution effectively identifies bugs in code."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"We were very comfortable with the initial setup."
"It's very stable."
"The product is easy to use."
"This solution is easy to use."
"Checkmarx could improve by reducing the price."
"Checkmarx could improve the speed of the scans."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"Its user interface could be improved and made more friendly."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"The solution sometimes reports a false auditable code or false positive."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"We'd like it to be faster."
"Some features are not performing well, like duplicate detection and switch case situations."
"The product lacks sufficient customization options."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"The solution could use more rules."
Checkmarx is ranked 4th in Application Security Testing (AST) with 23 reviews while Coverity is ranked 9th in Application Security Testing (AST) with 14 reviews. Checkmarx is rated 7.6, while Coverity is rated 7.6. The top reviewer of Checkmarx writes "Supports different languages, has excellent support, and easily expands". On the other hand, the top reviewer of Coverity writes "Broad integration capacity and works with more languages than some competitors". Checkmarx is most compared with SonarQube, Veracode, Snyk, Micro Focus Fortify on Demand and Mend.io, whereas Coverity is most compared with SonarQube, Klocwork, Veracode, Micro Focus Fortify on Demand and Fortify Application Defender. See our Checkmarx vs. Coverity report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.