Contrast Security Assess vs Coverity comparison

Comparison Buyer's Guide
Executive Summary

We performed a comparison between Contrast Security Assess and Coverity based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
To learn more, read our detailed Contrast Security Assess vs. Coverity Report (Updated: November 2022).
655,774 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
Contrast Security Assess:
  • "By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time."
  • "The solution is very accurate in identifying vulnerabilities. In cases where we are performing application assessment using Contrast Assess, and also using legacy application security testing tools, Contrast successfully identifies the same vulnerabilities that the other tools have identified but it also identifies significantly more. In addition, it has visibility into application components that other testing methodologies are unaware of."
  • "Assess has an excellent API interface to pull APIs."

Coverity:
  • "One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
  • "Coverity is scalable."
  • "The app analysis is the most valuable feature as I know other solutions don't have that."
  • "We were very comfortable with the initial setup."
  • "I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
  • "The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
  • "The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."

Cons
Contrast Security Assess:
  • "The out-of-the-box reporting could be improved. We need to write our own APIs to make the reporting more robust."
  • "I think there was activity underway to support the centralized configuration control. There are ways to do it, but I think they were productizing more of that."
  • "To instrument an agent, it has to be running on a type of application technology that the agent recognizes and understands. It's excellent when it works. If we're using an application that is using an unsupported technology, then we can't instrument it at all. We do use PHP and Contrast presently doesn't support that, although it's on their roadmap. My primary hurdle is that it doesn't support all of the technologies that we use."

Coverity:
  • "We'd like it to be faster."
  • "When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
  • "Coverity is not stable."
  • "Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
  • "Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
  • "Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
  • "The solution could use more rules."

Pricing and Cost Advice
Contrast Security Assess:
  • "It's a tiered licensing model. The more you buy, as you cross certain quantity thresholds, the pricing changes. If you have a smaller environment, your licensing costs are going to be different than a larger environment... The licensing is primarily per application. An application can be as many agents as you need. If you've got 10 development servers and 20 production servers and 50 QA servers, all of those agents can be reporting as a single application that utilizes one license."

Coverity:
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."

    Questions from the Community
    Top Answer: By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time.
    Top Answer: For what it offers, it's a very reasonable cost. The way that it is priced is extremely straightforward. It works on the number of applications that you use, and you license a server. It is something…
    Top Answer: Contrast is good at listening to its customers and setting product directions based on their feedback. Contrast continues to improve along multiple axes. One axis is languages and platforms. Support…
    Top Answer: We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing…
    Top Answer: We were very comfortable with the initial setup.
    Top Answer: It is an expensive solution. Their sales team is very arrogant. I don't like their licensing mechanism. Everything is on very unfriendly terms. There are other tools you can use that are free and…
    Ranking
    Contrast Security Assess: Views 2,875; Comparisons 1,640; Reviews 3; Average Words per Review 1,452; Rating 8.7
    Coverity: Views 21,996; Comparisons 15,656; Reviews 7; Average Words per Review 525; Rating 7.9
    Also Known As
    Contrast Security Assess: Contrast Assess
    Coverity: Synopsys Static Analysis
    Overview

    Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    Sample Customers
    Williams-Sonoma, Autodesk, HUAWEI, Chromeriver, RingCentral, Demandware.
    MStar Semiconductor, Alcatel-Lucent
    Top Industries
    VISITORS READING REVIEWS
    Computer Software Company 18%
    Financial Services Firm 14%
    Healthcare Company 11%
    Government 10%
    REVIEWERS
    Manufacturing Company 22%
    Computer Software Company 22%
    Media Company 11%
    Government 11%
    VISITORS READING REVIEWS
    Computer Software Company 21%
    Manufacturing Company 21%
    Comms Service Provider 9%
    Financial Services Firm 5%
    Company Size
    REVIEWERS
    Small Business 13%
    Midsize Enterprise 25%
    Large Enterprise 63%
    VISITORS READING REVIEWS
    Small Business 14%
    Midsize Enterprise 10%
    Large Enterprise 77%
    REVIEWERS
    Small Business 17%
    Midsize Enterprise 17%
    Large Enterprise 67%
    VISITORS READING REVIEWS
    Small Business 14%
    Midsize Enterprise 11%
    Large Enterprise 75%

    Contrast Security Assess is ranked 13th in Application Security Testing (AST) with 3 reviews while Coverity is ranked 9th in Application Security Testing (AST) with 7 reviews. Contrast Security Assess is rated 8.6, while Coverity is rated 7.8. The top reviewer of Contrast Security Assess writes "We're gathering vulnerability data from multiple environments in real time, fundamentally changing how we identify issues in applications". On the other hand, the top reviewer of Coverity writes "Broad integration capacity and works with more languages than some competitors". Contrast Security Assess is most compared with Veracode, SonarQube, Snyk, Fortify WebInspect and HCL AppScan, whereas Coverity is most compared with SonarQube, Veracode, Checkmarx, Klocwork and Micro Focus Fortify on Demand. See our Contrast Security Assess vs. Coverity report.


    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.