Contrast Security Assess vs Coverity Comparison 2022

Contrast Security Assess

Coverity

Contrast Security Assess

Read 3 Contrast Security Assess reviews

2,875 views|1,640 comparisons

Coverity

Read 7 Coverity reviews

21,996 views|15,656 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Contrast Security Assess vs. Coverity

November 2022

Executive Summary

We performed a comparison between Contrast Security Assess and Coverity based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Contrast Security Assess vs. Coverity Report (Updated: November 2022).

Download the complete report

655,774 professionals have used our research since 2012.

Featured Review

Anonymous User

Director of Threat and Vulnerability Management at a consultancy

We're gathering vulnerability data from multiple environments in real time, fundamentally changing how we identify...

The way that it has improved our application security process is that we are no longer performing scans of specific environments to provide... Read more →

Varun V

Senior Solutions Architect at a computer software company

Broad integration capacity and works with more languages than some competitors

To automate detection, we use Coverity's static analysis, which has a low false-positive ratio. That's because Coverity's analysis engine includes... Read more →

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time.""The solution is very accurate in identifying vulnerabilities. In cases where we are performing application assessment using Contrast Assess, and also using legacy application security testing tools, Contrast successfully identifies the same vulnerabilities that the other tools have identified but it also identifies significantly more. In addition, it has visibility into application components that other testing methodologies are unaware of.""Assess has an excellent API interface to pull APIs."

More Contrast Security Assess Pros →

"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited.""Coverity is scalable.""The app analysis is the most valuable feature as I know other solutions don't have that.""We were very comfortable with the initial setup.""I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be.""The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution.""The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."

More Coverity Pros →

Cons

"The out-of-the-box reporting could be improved. We need to write our own APIs to make the reporting more robust.""I think there was activity underway to support the centralized configuration control. There are ways to do it, but I think they were productizing more of that.""To instrument an agent, it has to be running on a type of application technology that the agent recognizes and understands. It's excellent when it works. If we're using an application that is using an unsupported technology, then we can't instrument it at all. We do use PHP and Contrast presently doesn't support that, although it's on their roadmap. My primary hurdle is that it doesn't support all of the technologies that we use."

More Contrast Security Assess Cons →

"We'd like it to be faster.""When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material.""Coverity is not stable.""Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better.""Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code.""Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker.""The solution could use more rules."

More Coverity Cons →

Pricing and Cost Advice

"It's a tiered licensing model. The more you buy, as you cross certain quantity thresholds, the pricing changes. If you have a smaller environment, your licensing costs are going to be different than a larger environment... The licensing is primarily per application. An application can be as many agents as you need. If you've got 10 development servers and 20 production servers and 50 QA servers, all of those agents can be reporting as a single application that utilizes one license."

More Contrast Security Assess Pricing and Cost Advice →

"Coverity is very expensive."

"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."

More Coverity Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.

See Recommendations

655,774 professionals have used our research since 2012.

Questions from the Community

What do you like most about Contrast Security Assess?

Top Answer:By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time.

Read all 7 answers →

What is your experience regarding pricing and costs for Contrast Security...

Top Answer:For what it offers, it's a very reasonable cost. The way that it is priced is extremely straightforward. It works on the number of applications that you use, and you license a server. It is something… more »

Read all 6 answers →

What needs improvement with Contrast Security Assess?

Top Answer:Contrast is good at listening to its customers and setting product directions based on their feedback. Contrast continues to improve along multiple axes. One axis is languages and platforms. Support… more »

Read all 7 answers →

How would you decide between Coverity and Sonarqube?

Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »

What do you like most about Coverity?

Top Answer:We were very comfortable with the initial setup.

Read all 14 answers →

What is your experience regarding pricing and costs for Coverity?

Top Answer:It is an expensive solution. Their sales team is very arrogant. I don't like their licensing mechanism. Everything is on very unfriendly terms. There are other tools you can use that are free and… more »

Read all 11 answers →

Ranking

13th

out of 41 in Application Security Testing (AST)

Views

2,875

Comparisons

1,640

Reviews

Average Words per Review

1,452

Rating

8.7

9th

out of 41 in Application Security Testing (AST)

Views

21,996

Comparisons

15,656

Reviews

Average Words per Review

525

Rating

7.9

Comparisons

Veracode vs. Contrast Security Assess

Compared 17% of the time.

SonarQube vs. Contrast Security Assess

Compared 14% of the time.

Snyk vs. Contrast Security Assess

Compared 13% of the time.

Fortify WebInspect vs. Contrast Security Assess

Compared 9% of the time.

HCL AppScan vs. Contrast Security Assess

Compared 8% of the time.

More Contrast Security Assess Competitors →

+ Add more products to compare

SonarQube vs. Coverity

Compared 59% of the time.

Veracode vs. Coverity

Compared 8% of the time.

Checkmarx vs. Coverity

Compared 6% of the time.

Klocwork vs. Coverity

Compared 5% of the time.

Micro Focus Fortify on Demand vs. Coverity

Compared 5% of the time.

More Coverity Competitors →

+ Add more products to compare

Also Known As

Contrast Assess

Synopsys Static Analysis

Learn More

Contrast Security

Synopsys

Overview

Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

Offer

Learn more about Contrast Security Assess

Learn More

Learn more about Coverity

Learn More

Sample Customers

Williams-Sonoma, Autodesk, HUAWEI, Chromeriver, RingCentral, Demandware.

MStar Semiconductor, Alcatel-Lucent

Top Industries

VISITORS READING REVIEWS

Computer Software Company18%

Financial Services Firm14%

Healthcare Company11%

Government10%

REVIEWERS

Manufacturing Company22%

Computer Software Company22%

Media Company11%

Government11%

VISITORS READING REVIEWS

Computer Software Company21%

Manufacturing Company21%

Comms Service Provider9%

Financial Services Firm5%

Company Size

REVIEWERS

Small Business13%

Midsize Enterprise25%

Large Enterprise63%

VISITORS READING REVIEWS

Small Business14%

Midsize Enterprise10%

Large Enterprise77%

REVIEWERS

Small Business17%

Midsize Enterprise17%

Large Enterprise67%

VISITORS READING REVIEWS

Small Business14%

Midsize Enterprise11%

Large Enterprise75%

Contrast Security Assess vs Coverity comparison

Contrast Security Assess

Coverity