HCL AppScan and Coverity Static are competitors in the field of security testing software. HCL AppScan seems to have an upper hand in providing a comprehensive feature set that focuses on security testing during development, whereas Coverity Static stands out with reduced false positives and seamless CI/CD integration.
Features: HCL AppScan is noted for its ability to detect XSS vulnerabilities and SQL injections, and its integration during the coding phase of the SDLC aids in effective scanning. Coverity Static offers detailed remediation guidance, excels in reducing false positives, and provides reliable interprocedural analysis, enhancing code quality.
Room for Improvement: HCL AppScan could benefit from better handling of mobile-specific vulnerabilities, reduced false positives, and improved integration with reporting tools. Enhancements are needed for a more user-friendly dashboard. Coverity Static requires improvements in ease of use and setup processes, as well as more customization options in the graphical interface and expanded integration capabilities.
Ease of Deployment and Customer Service: HCL AppScan provides cloud and on-premises deployment options with positive technical support feedback, despite a need for better responsiveness. Coverity Static primarily offers on-premises deployment, with some hybrid cloud options, and also requires improvements in support responsiveness and integration with cloud environments.
Pricing and ROI: HCL AppScan is critiqued for high pricing, but users find it cost-effective due to comprehensive features. Coverity Static is deemed quite expensive, especially as pricing is based on user count, potentially increasing costs for larger teams. Both tools are credited with significant ROI through their efficiency in reducing software defects.
| Product | Mindshare (%) |
|---|---|
| Coverity Static | 3.8% |
| HCL AppScan | 2.2% |
| Other | 94.0% |

| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 6 |
| Large Enterprise | 31 |

| Company Size | Count |
|---|---|
| Small Business | 14 |
| Midsize Enterprise | 6 |
| Large Enterprise | 31 |
Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.
Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.