Coverity Static vs OpenText Core Application Security comparison

Coverity Static vs. OpenText Core Application Security

Download the complete report

Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Coverity Static

Ranking in Static Application Security Testing (SAST)

8th

Average Rating

7.8

Reviews Sentiment

6.5

Number of Reviews

Ranking in other categories

No ranking in other categories

OpenText Core Application S...

Ranking in Static Application Security Testing (SAST)

12th

Average Rating

8.0

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Application Security Tools (13th)

Mindshare comparison

As of March 2026, in the Static Application Security Testing (SAST) category, the mindshare of Coverity Static is 3.8%, down from 8.0% compared to the previous year. The mindshare of OpenText Core Application Security is 3.0%, down from 4.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST) Mindshare Distribution
Product	Mindshare (%)
Coverity Static	3.8%
OpenText Core Application Security	3.0%
Other	93.2%

Static Application Security Testing (SAST)

Featured Reviews

Kasiraja Thangapandian

Software Engineering Manager at Visteon Corporation

Using tools for compliance is beneficial but cost concerns persist

We have been using Coverity for quite a long period. It has been fine for our needs. I would rate Coverity between eight to nine, though the cost is high. I would rate their support from Coverity as six. That is the main complaint, but we still appreciate having it.

Read full review

Himanshu_Tyagi

Lead Cybersecurity at TBO

Supports secure development pipelines and improves issue detection but limits internal visibility and needs broader dashboard integration

If you have an internal team and you want your internal team to validate false positives, basically to determine whether it's a valid issue or an invalid issue, then I wouldn't recommend it much. That was the only reason we migrated from Fortify on Demand to another solution. Fortify has another tool which is Fortify WebInspect. On Demand is the outsourcing solution, and WebInspect you can use with your in-house team, which is basically the product developed by the Fortify team. For automated scanning, Fortify helps a lot. Regarding the visibility for the internal team, everyone is moving toward the DevSecOps side, and Fortify team has made good progress that you can integrate into your CICD pipeline. One thing I would highlight is if Fortify can focus more on the centralized dashboard of the tools because nowadays, tools such as SentinelOne also exist for identifying security issues, but they have a centralized dashboard that merges their cloud solution and application security side solution together. If you have one tool that works for different solutions, it helps a lot. They are doing good, but they should invest more on the AI side as well because AI security is evolving these days. On the cloud side, they have already made good progress, but I believe they should explore the new area related to AI security as well.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Coverity integrates with issue-tracking systems like Jira and provides email notifications, alerts, and other features."

"The features I find most valuable is that our entire company can publish the analysis results into our central space."

"In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis."

"It provides reports about a lot of potential defects."

"The solution has improved our code quality and security very well."

"It's very stable."

"What I find most effective about Coverity is its low rate of false positives. I've seen other platforms with many false positives, but with Coverity, most vulnerabilities it identifies are genuine. This allows me to focus on real issues."

"The product is easy to use."

More Coverity Static pros

"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."

"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."

"HP Fortify on Demand provides an independent review of third-party applications, allowing organizations to test software before purchasing, and also allowing software vendors to demonstrate the security of their software."

"The best features with Fortify on Demand include having analysis for any product based on analysis points."

"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."

"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."

"It enforces source-code scanning, finding vulnerabilities in source code."

"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."

More OpenText Core Application Security pros

Cons

"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."

"Some features are not performing well, like duplicate detection and switch case situations."

"I would like to see integration with popular IDEs, such as Eclipse."

"Coverity concerns its dashboards and reporting."

"Sometimes, vulnerabilities remain unidentified even after setting up the rules."

"SCM integration is very poor in Coverity."

"There is an extra step in my organization that involves uploading to servers, which adds overhead."

"Reporting engine needs to be more robust."

More Coverity Static cons

"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."

"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."

"I would rate the support for OpenText at no more than three out of ten; it is really bad, and we encounter a lot of problems when getting support."

"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."

"I know OpenText is developing Aviator, similar to ChatGPT, with LLM inside the OpenText Core Application Security environment. However, I understand they do not have it for the on-premises environment."

"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."

"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."

"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."

More OpenText Core Application Security cons

Pricing and Cost Advice

"It is expensive."

"The pricing is very reasonable compared to other platforms. It is based on a three year license."

"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."

"The price is competitive with other solutions."

"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."

"I would rate the pricing a six out of ten, where one is low, and ten is high price."

"The tool was fairly priced."

"Offers varying prices for different companies"

More Coverity Static pricing and cost advice

"The solution is a little expensive."

"We make an annual purchase of the licenses we need."

"The solution is expensive and the price could be reduced."

"The price is fair compared to that of other solutions."

"The subscription model, on a per-scan basis, is a bit expensive. That's another reason we are not using it for all the apps."

"There are different costs for Micro Focus Fortify on Demand depending on the assessments you want to use. There is only a standard license needed to use the solution."

"The product's cost depends on the type of license."

"Fortify on Demand is more expensive than Burpsuite. I rate its pricing a nine out of ten."

More OpenText Core Application Security pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

884,873 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

31%

Computer Software Company

10%

Financial Services Firm

Comms Service Provider

Financial Services Firm

15%

Manufacturing Company

14%

Government

Computer Software Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	6
Large Enterprise	31

By reviewers
Company Size	Count
Small Business	18
Midsize Enterprise	8
Large Enterprise	45

Questions from the Community

How would you decide between Coverity and Sonarqube?

We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...

What is your experience regarding pricing and costs for Coverity?

I do not know about the pricing.

What needs improvement with Coverity?

The price is a concern, and there are a lot of false positives coming through. Support with Coverity is adequate, but they take a longer time to respond. The core support is not straightforward, an...

What do you like most about Micro Focus Fortify on Demand?

It helps deploy and track changes easily as per time-to-time market upgrades.

What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?

In comparison with other tools, they're competitive. It is not more expensive than other solutions, but their pricing is competitive. The licenses for Fortify On Demand are generally bought in unit...

What needs improvement with Micro Focus Fortify on Demand?

SonarQube vs Coverity Static

Comparisons

Compared 24% of the time

Klocwork vs Coverity Static

Compared 7% of the time

Veracode vs Coverity Static

Compared 7% of the time

CodeSonar vs Coverity Static

Compared 6% of the time

Checkmarx One vs Coverity Static

Compared 4% of the time

More Coverity Static Competitors

SonarQube vs OpenText Core Application Security

Compared 20% of the time

Checkmarx One vs OpenText Core Application Security

Compared 10% of the time

Veracode vs OpenText Core Application Security

Compared 5% of the time

GitHub Advanced Security vs OpenText Core Application Security

Compared 4% of the time

HCL AppScan vs OpenText Core Application Security

Compared 3% of the time

More OpenText Core Application Security Competitors

Product Reports

Coverity Static

Download Coverity Static product report

OpenText Core Application Security

Download OpenText Core Application Security product report

OpenText Core Application Security report

Also Known As

Synopsys Static Analysis

Micro Focus Fortify on Demand

Overview

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.

Black Duck

OpenText Core Application Security offers robust features like static and dynamic scanning, real-time vulnerability tracking, and seamless integration with development platforms, designed to enhance code security and reduce operational costs.

OpenText Core Application Security is a cloud-based, on-demand service providing accurate and deep scanning capabilities with detailed reporting. Its integrations with development platforms ensure an enhanced security layer in the development lifecycle, benefiting users by lowering operational costs and facilitating efficient remediation. The platform addresses needs for intuitive interfaces, API support, and comprehensive vulnerability assessments, helping improve code security and accelerate time-to-market. Despite its strengths, challenges exist around false positives, report clarity, and language support, alongside confusing pricing and package options. Enhancements are sought in areas like CI/CD pipeline configuration, report visualization, scan times, and integration with third-party tools such as GitLab, container scanning, and software composition analysis.

What features define OpenText Core Application Security?

Static and Dynamic Scanning: Offers thorough analysis to identify vulnerabilities during development.
Real-time Vulnerability Tracking: Continuously updates and monitors potential security threats.
Seamless Development Platform Integration: Enhances security processes without disrupting workflows.
Cloud-Based Service: Provides flexible, on-demand security capabilities with accurate results.
API Support: Allows smooth integration and automation within existing systems.

What benefits should users look for in reviews?

Reduced Operational Costs: Optimizes resources by lowering costs associated with security management.
Efficient Remediation: Speeds up the process of identifying and resolving vulnerabilities.
Enhanced Code Security: Strengthens overall application security during the development lifecycle.
Accelerated Time-to-Market: Streamlines development stages by integrating essential security tools.

Industries like mobile applications, e-commerce, and banking leverage OpenText Core Application Security for its ability to identify vulnerabilities such as SQL injections. Integrating seamlessly with DevSecOps and security auditing processes, this tool supports developers in writing safer code, ensuring secure application deployment and enhancing software assurance.

OpenText

Sample Customers

SAP, Mega International, Thales Alenia Space

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

Coverity Static vs. OpenText Core Application Security