HCL AppScan and Coverity Static compete in the vulnerability detection category. Coverity Static seems to have the upper hand due to its low false positive rate and broad IDE support.
Features: HCL AppScan focuses on detecting vulnerabilities like reflected XSS and SQL injections, offers integration with the SDLC, and provides API support. It is robust, with custom rules and stable dynamic scanning. Coverity Static is known for its low false positive rate, powerful scanning capabilities, and detailed interprocedural analysis. It integrates seamlessly with CI/CD tools and supports a wide range of IDEs, which benefits C++ and C# development.
Room for Improvement: HCL AppScan needs better CI/CD support and enhanced mobile app vulnerability management. Its false positive rate and customer support responsiveness require improvement. Expanding language and platform integration would be beneficial. Coverity Static also faces false positives and could improve its integration with modern DevOps setups. The GUI needs enhancement, and IDE support could be expanded. Its complicated setup and outdated UI need attention for better user experience.
Ease of Deployment and Customer Service: HCL AppScan offers flexible deployment options across on-premises and public cloud environments, though its customer support has declined post-IBM transition. Coverity Static primarily operates on-premises with some hybrid cloud capabilities. Its customer service is rated well but requires an increase in technical support resources in specific regions, maintaining consistency from its historical IBM partnership.
Pricing and ROI: HCL AppScan is perceived as expensive, with users accepting the cost for its features, though currency fluctuations pose pricing challenges. Despite the high cost, significant ROI is reported due to vulnerability reduction. Coverity Static's pricing based on lines of code or users can be cumbersome for large teams. While it offers comprehensive language support, the cost may deter license expansion, affecting ROI perception.

Product | Market Share (%) |
---|---|
Coverity | 6.3% |
HCL AppScan | 2.5% |
Other | 91.2% |

Company Size | Count |
---|---|
Small Business | 8 |
Midsize Enterprise | 6 |
Large Enterprise | 31 |

Company Size | Count |
---|---|
Small Business | 13 |
Midsize Enterprise | 6 |
Large Enterprise | 31 |

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.
Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.