Coverity vs Fortify on Demand comparison
Comparison Buyer's Guide

Executive Summary (updated on Mar 20, 2023)

Categories and Ranking

                              Coverity     Fortify on Demand
Ranking in SAST               4th          9th
Average Rating                7.8          8.0
Number of Reviews             36           58
Ranking in other categories   none         Application Security Tools (8th)
Mindshare comparison

As of July 2024, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 8.2%, up from 6.5% compared to the previous year. The mindshare of Fortify on Demand is 5.0%, up from 4.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Mindshare by category:
Coverity: Static Application Security Testing (SAST) only; no other categories found.
Fortify on Demand: Static Application Security Testing (SAST); Application Security Tools 4.8%.

Featured Reviews

Arun Dahiphale - PeerSpot reviewer
Feb 20, 2024
Improves code quality and security and provides an informative dashboard and professional-looking reports
The scan of the repository has been most effective in identifying critical vulnerabilities. The product provided visibility over security-related issues like hard coding and values getting exposed in a log. It helped us resolve difficult issues. With CI/CD integration, we could scan the incremental commits done by different developers. We were able to report them, and the developers were able to fix them. The product identifies the issues and has an informative dashboard that gives us strains of incremental issues and resolutions. It also keeps track of whether the reported issues were fixed and what the resolution was. Sometimes, we find duplicate issues. Those were very well managed from the dashboard. Our primary requirement was for compliance, and it was good. The reports were significant and looked very professional.
Javad_Talebi - PeerSpot reviewer
Mar 1, 2024
Identifies critical vulnerabilities and offers good scanning capabilities
We have added it to our operational toolkit to ensure it's part of our development spectrum. We added it directly into our Jenkins pipelines. We have some products that are publicly accessible via phone or website. These products need to be extra secure because they rely on firewalls, and hackers could potentially exploit them. Fortify on Demand provided us with valuable information on how to fix a critical API vulnerability. So, Fortify on Demand identifies critical vulnerabilities. We have two security scans. One is Fortify on Demand, and the other is for an outsourced company. For Fortify, you assign the specific branch of code you want to scan. You can scan the code you're currently deploying through Jenkins pipelines. Since it's external, you can also scan other brands if needed. Otherwise, you can specify which specific brands or smaller branches to scan within your entire codebase.
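Both featured reviews describe the same workflow: scan each incremental commit from the CI pipeline, report what is new, keep track of what was fixed, and collapse duplicate reports. The script below is an added example of that triage logic written for this page; it is not code from PeerSpot, Coverity or Fortify on Demand. It assumes the scanner can export its results as SARIF 2.1.0 and attaches a stable fingerprint to each result; the tool name "ExampleSAST", the rule IDs and both scan documents are constructed sample input.

```python
"""Diff two SAST result sets (SARIF 2.1.0) and gate a build on new findings.

Added example, not vendor code. Assumes the scanner exports SARIF with a
per-result fingerprint; everything below is constructed sample data.
"""
import hashlib
import json

# SARIF "level" values ranked for gating; anything unknown counts as warning.
SEVERITY = {"error": 3, "warning": 2, "note": 1, "none": 0}


def _result(rule_id, level, text, uri, line, fingerprint=None):
    """Build one SARIF result object (helper for the constructed samples)."""
    res = {
        "ruleId": rule_id,
        "level": level,
        "message": {"text": text},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": uri},
            "region": {"startLine": line}}}],
    }
    if fingerprint:
        res["fingerprints"] = {"primary": fingerprint}
    return res


def _sarif(results):
    """Wrap results in a minimal SARIF 2.1.0 document."""
    return json.dumps({"version": "2.1.0",
                       "runs": [{"tool": {"driver": {"name": "ExampleSAST"}},
                                 "results": results}]})


# Constructed baseline (previous commit) and current scan. Not real output.
BASELINE_SARIF = _sarif([
    _result("HARDCODED_CREDENTIAL", "error", "Hard-coded API key",
            "src/config.py", 12, "f-001"),
    _result("LOG_SENSITIVE_DATA", "warning", "Password written to log",
            "src/auth.py", 40, "f-002"),
])
CURRENT_SARIF = _sarif([
    # Same defect, file shifted two lines: fingerprint keeps it "persisting".
    _result("HARDCODED_CREDENTIAL", "error", "Hard-coded API key",
            "src/config.py", 14, "f-001"),
    # New finding reported twice (e.g. two data-flow paths): must dedupe.
    _result("SQL_INJECTION", "error", "Tainted string reaches execute()",
            "src/db.py", 77, "f-003"),
    _result("SQL_INJECTION", "error", "Tainted string reaches execute()",
            "src/db.py", 77, "f-003"),
    # Finding without a scanner fingerprint: falls back to location hash.
    _result("WEAK_HASH", "warning", "MD5 used for password hashing",
            "src/auth.py", 55),
])


def finding_key(result):
    """Stable identity for a result. Prefer the scanner's fingerprint; fall back
    to a hash of rule, file and line (this fallback drifts when lines move)."""
    fps = result.get("fingerprints") or {}
    if fps:
        return fps[sorted(fps)[0]]
    loc = result["locations"][0]["physicalLocation"]
    raw = "|".join([result["ruleId"], loc["artifactLocation"]["uri"],
                    str(loc["region"]["startLine"])])
    return "loc:" + hashlib.sha256(raw.encode()).hexdigest()[:16]


def load_findings(sarif_text):
    """Parse SARIF into {key: result}; duplicate reports collapse to one."""
    findings = {}
    for run in json.loads(sarif_text)["runs"]:
        for res in run.get("results", []):
            findings.setdefault(finding_key(res), res)  # first report wins
    return findings


def diff_findings(baseline, current):
    """Classify current findings as new, fixed or persisting vs. the baseline."""
    base_keys, cur_keys = set(baseline), set(current)
    return {"new": sorted(cur_keys - base_keys),
            "fixed": sorted(base_keys - cur_keys),
            "persisting": sorted(cur_keys & base_keys)}


def gate(baseline, current, fail_at="error"):
    """Return (passed, blocking_keys). Only NEW findings at or above fail_at
    block the build; the known backlog is tracked, not re-blocked."""
    threshold = SEVERITY[fail_at]
    new = diff_findings(baseline, current)["new"]
    blocking = sorted(k for k in new
                      if SEVERITY.get(current[k].get("level", "warning"), 2) >= threshold)
    return (not blocking, blocking)


if __name__ == "__main__":
    base, cur = load_findings(BASELINE_SARIF), load_findings(CURRENT_SARIF)
    for bucket, keys in diff_findings(base, cur).items():
        print(f"{bucket}: {keys}")
    passed, blocking = gate(base, cur)
    print("gate:", "PASS" if passed else f"FAIL on {blocking}")
```

The gate deliberately fails only on findings that are new relative to the last scan, which is what makes incremental scanning of each commit workable: a pre-existing backlog is reported and tracked, but it does not freeze every pipeline run. Findings that lack a scanner fingerprint are keyed by rule, file and line, so a refactor that shifts lines will make them look new; that is the reason to prefer the tool's own fingerprints when it provides them.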

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros

"The most valuable feature is the integration with Jenkins."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"The solution effectively identifies bugs in code."
"In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis."
"We were very comfortable with the initial setup."
"The product has deeper scanning capabilities."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The quality of application security testing reduces risk and gives very few false positives."
"The solution is user-friendly. One feature I find very effective is the tool's automatic scanning capability. It scans replicas of the code developers write and automatically detects any vulnerabilities. The integration with CI/CD tools is also useful for plugins."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"The solution is very fast."
"The licensing was good."
"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"The user interface is good."
Cons

"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The tool needs to improve its reporting."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem, because we have to waste some time when the issue is not really an issue. I mean, the tool raises an issue, but the same issue is filtered now. Some checkers cannot find some issues, but sometimes they find issues that are not relevant, that are not really issues. Some customisation mechanism could be added in the next release so that we can define our own checker. The modelling feature provided by Coverity helps in finding more information for potential issues, but it is not mature enough; it should be matured. A fast testing feature for security testing campaigns could be added as well. So if you integrate it correctly with the training team, maybe it can help us find more potential issues."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"It should be easier to specify your own validation routines and sanitation routines."
"There should be additional IDE support."
"SCM integration is very poor in Coverity."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"They have very good support, but there is always room for improvement."
"There is room for improvement in the integration process."
"The product has a lot of false positives."
"We have some stability issues, but they are minimal."
"There are lots of limitations with code technology. It cannot scan .NET properly either."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
Pricing and Cost Advice

"Coverity is quite expensive."
"It is expensive."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"The tool was fairly priced."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
"The price is competitive with other solutions."
"The pricing is on the expensive side, and we are paying for a couple of items."
"The solution is affordable."
"The pricing can be improved because it is complex when compared to the competition."
"We are still using the trial version at this point but I can already see from the trial version alone that it is a good product. For others, I would say that Fortify on Demand might look expensive at the beginning, but it is very powerful and so you shouldn't be put off by the price."
"We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000."
"The licensing was good because the licenses have the heavy centralized server."
"The subscription model, on a per-scan basis, is a bit expensive. That's another reason we are not using it for all the apps."
"If I exceed one million lines of code, there might be an extra cost or a change in the pricing bracket."
"Despite being on the higher end in terms of cost, the biggest value lies in its abilities, including robust features, seamless integration, and high-quality findings."
"Fortify on Demand is affordable, and its licensing comes with a year of support."
793,295 professionals have used our research since 2012.


Top Industries

By visitors reading reviews

                            Coverity     Fortify on Demand
Manufacturing Company       31%          12%
Computer Software Company   16%          14%
Financial Services Firm     7%           19%
Government                  4%           9%

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business (figures not shown).

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
What do you like most about Micro Focus Fortify on Demand?
It helps deploy and track changes easily as per time-to-time market upgrades.
What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?
Fortify on Demand is more expensive than Burp Suite. I rate its pricing a nine out of ten.
What needs improvement with Micro Focus Fortify on Demand?
The product has a lot of false positives. If the outputs can have fewer false positives, then that will be the greatest benefit the tool can offer.
Also Known As

Coverity: Synopsys Static Analysis
Fortify on Demand: Micro Focus Fortify on Demand
Sample Customers

Coverity: SAP, Mega International, Thales Alenia Space
Fortify on Demand: SAP, Aaron's, British Gas, FICO, Cox Automotive, Callcredit Information Group, Vital and more.
Find out what your peers are saying about Coverity vs. Fortify on Demand and other solutions. Updated: July 2024.