Try our new research platform with insights from 80,000+ expert users

Coverity vs HCL AppScan comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST)
5th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
HCL AppScan
Ranking in Static Application Security Testing (SAST)
15th
Average Rating
7.8
Reviews Sentiment
6.1
Number of Reviews
43
Ranking in other categories
Application Security Tools (15th), Dynamic Application Security Testing (DAST) (1st)
 

Mindshare comparison

As of July 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 7.2%, up from 6.7% compared to the previous year. The mindshare of HCL AppScan is 2.6%, up from 2.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…
Sthembiso Zondi - PeerSpot reviewer
Has a straightforward setup process and valuable security features
We use AppScan primarily for security testing and performance monitoring across our systems The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The security analysis features are the most valuable features of this solution."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"The solution effectively identifies bugs in code."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The most valuable feature of HCL AppScan is scanning QR codes."
"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"I like the recording feature."
 

Cons

"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"It would be great if we could customize the rules to focus on critical issues."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Coverity concerns its dashboards and reporting."
"SCM integration is very poor in Coverity."
"The product lacks sufficient customization options."
"It should be easier to specify your own validation routines and sanitation routines."
"The solution needs to improve its false positives."
"The solution could improve by having a mobile version."
"They could add a software component analysis tool."
"It has crashed at times."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The pricing has room for improvement."
"​IBM Security AppScan Source is rather hard to use​."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"Scans become slow on large websites."
 

Pricing and Cost Advice

"I would rate the tool's pricing a one out of ten."
"The pricing is on the expensive side, and we are paying for a couple of items."
"The price is competitive with other solutions."
"Coverity’s price is on the higher side. It should be lower."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"It is expensive."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."
"The pricing is very reasonable compared to other platforms. It is based on a three year license."
"The solution is cheap."
"The product has premium pricing and could be more competitive."
"The tool was expensive."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"The solution is moderately priced."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
860,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
7%
Government
4%
Computer Software Company
18%
Financial Services Firm
14%
Government
12%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
 

Also Known As

Synopsys Static Analysis
IBM Security AppScan, Rational AppScan, AppScan
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Find out what your peers are saying about Coverity vs. HCL AppScan and other solutions. Updated: June 2025.
860,168 professionals have used our research since 2012.