Try our new research platform with insights from 80,000+ expert users

Coverity vs Invicti comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST)
4th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
Invicti
Ranking in Static Application Security Testing (SAST)
14th
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
29
Ranking in other categories
API Security (6th), Dynamic Application Security Testing (DAST) (4th)
 

Mindshare comparison

As of June 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 7.4%, up from 6.6% compared to the previous year. The mindshare of Invicti is 1.5%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…
Kunal M - PeerSpot reviewer
Proactive scanning measures and realistic audit recommendations enhance development focus
Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution has improved our code quality and security very well."
"It provides reports about a lot of potential defects."
"What I find most effective about Coverity is its low rate of false positives. I've seen other platforms with many false positives, but with Coverity, most vulnerabilities it identifies are genuine. This allows me to focus on real issues."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"Provides software security, and helps to find potential security bugs or defects."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"It is a scalable solution."
"The scanner is light on the network and does not impact the network when scans are running."
"The platform is stable."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"Invicti is a good product, and its API testing is also good."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"Invicti's best feature is the ability to identify vulnerabilities and manually verify them."
"High level of accuracy and quick scanning."
 

Cons

"We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"It should be easier to specify your own validation routines and sanitation routines."
"Some features are not performing well, like duplicate detection and switch case situations."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"Coverity is not stable."
"Coverity is not a user-friendly product."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"Maybe the ability to make a good reporting format is needed."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"Invicti takes too long with big applications, and there are issues with the login portal."
"I think that it freezes without any specific reason at times. This needs to be looked into."
"Right now, they are missing the static application security part, especially web application security."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The custom attack preparation screen might be improved."
 

Pricing and Cost Advice

"The tool was fairly priced."
"Offers varying prices for different companies"
"The pricing is on the expensive side, and we are paying for a couple of items."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."
"It is expensive."
"The price is competitive with other solutions."
"The solution is affordable."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"We never had any issues with the licensing; the price was within our assigned limits."
"The price should be 20% lower"
"OWASP Zap is free and it has live updates, so that's a big plus."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
856,873 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
7%
Government
4%
Educational Organization
36%
Financial Services Firm
12%
Computer Software Company
10%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerab...
 

Comparisons

 

Also Known As

Synopsys Static Analysis
Netsparker
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Samsung, The Walt Disney Company, T-Systems, ING Bank
Find out what your peers are saying about Coverity vs. Invicti and other solutions. Updated: June 2025.
856,873 professionals have used our research since 2012.