We performed a comparison between Coverity and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, Micro Focus Fortify on Demand comes out ahead of Coverity. Although both products have valuable features and can be estimated as high-end solutions, our reviewers found that Coverity is very expensive and has slow support.
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"It provides reports about a lot of potential defects."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"The most valuable feature is the integration with Jenkins."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"The vulnerability detection and scanning are awesome features."
"The solution is user-friendly."
"Being able to reduce risk overall is a very valuable feature for us."
"The solution is very fast."
"The quality of application security testing reduces risk and gives very few false positives."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"This product is top-notch solution and the technology is the best on the market."
"There should be additional IDE support."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"It should be easier to specify your own validation routines and sanitation routines."
"The setup takes very long."
"The product lacks sufficient customization options."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"We have some stability issues, but they are minimal."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"They have very good support, but there is always room for improvement."
"There are many false positives identified by the solution."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while Fortify on Demand is ranked 9th in Application Security Testing (AST) with 56 reviews. Coverity is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Coverity is most compared with SonarQube, Klocwork, Checkmarx One, Veracode and Polyspace Code Prover, whereas Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Fortify WebInspect and Snyk. See our Coverity vs. Fortify on Demand report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.