We performed a comparison between Coverity and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The interface of Coverity is quite good, and it is also easy to use."
"Provides software security, and helps to find potential security bugs or defects."
"The product has deeper scanning capabilities."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"It provides reports about a lot of potential defects."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"High level of accuracy and quick scanning."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"Attacking feature: Actually, attacking is not a solo feature. It contains many attack engines, Hawk, and many properties. But Netsparker's attacking mechanism is very flexible. This increases the vulnerability detection rate. Also, Netsparker made the Hawk for real-time interactive command-line-based exploit testing. It's very valuable for a vulnerability scanner."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The solution generates reports automatically and quickly."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"The scanner is light on the network and does not impact the network when scans are running."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"SCM integration is very poor in Coverity."
"Reporting engine needs to be more robust."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"Coverity is not stable."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."
"Netsparker doesn't provide the source code of the static application security testing."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The custom attack preparation screen might be improved."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"The scanner itself should be improved because it is a little bit slow."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while Invicti is ranked 15th in Application Security Testing (AST) with 25 reviews. Coverity is rated 7.8, while Invicti is rated 8.2. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Tenable.io Web Application Scanning and Fortify WebInspect. See our Coverity vs. Invicti report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
