We performed a comparison between Coverity and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's very stable."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"The most valuable feature is the integration with Jenkins."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"We leverage it as a quality check against code."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The solution is easy to use."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"The solution offers services in a few specific development languages."
"We use it as a security testing application."
"The UI was very intuitive."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"It would be great if we could customize the rules to focus on critical issues."
"The tool needs to improve its reporting."
"Some features are not performing well, like duplicate detection and switch case situations."
"The product lacks sufficient customization options."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"There should be additional IDE support."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"It has crashed at times."
"They have to improve support."
"One thing which I think can be improved is the CI/CD Integration"
"There is room for improvement in the pricing model."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"IBM Security AppScan Source is rather hard to use."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while HCL AppScan is ranked 12th in Application Security Testing (AST) with 39 reviews. Coverity is rated 7.8, while HCL AppScan is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and PortSwigger Burp Suite Professional. See our Coverity vs. HCL AppScan report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.