
Coverity vs Invicti comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Oct 8, 2024

 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST): 4th
Average Rating: 7.8
Reviews Sentiment: 6.5
Number of Reviews: 43
Ranking in other categories: None

Invicti
Ranking in Static Application Security Testing (SAST): 14th
Average Rating: 8.2
Reviews Sentiment: 7.3
Number of Reviews: 29
Ranking in other categories: API Security (6th), Dynamic Application Security Testing (DAST) (4th)
 

Mindshare comparison

As of June 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 7.4%, up from 6.6% the previous year. The mindshare of Invicti is 1.5%, up from 1.2% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes. Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…
Kunal M - PeerSpot reviewer
Proactive scanning measures and realistic audit recommendations enhance development focus
Invicti's proactive scanning measures vulnerabilities each time we deploy or push code to a new environment. This feature helps us focus on priorities and prioritize the development team's effort, integrating seamlessly with DevOps to facilitate proactive scans of environments. Invicti also provides audit recommendations that are quite realistic, making it easy to discuss plans with developers.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"It is a scalable solution."
"The most valuable feature of Coverity is its interprocedural analysis, which is advantageous because it compares favorably with other tools in terms of security and code analysis."
"The solution has improved our code quality and security very well."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The security analysis features are the most valuable features of this solution."
"The reporting feature is up to the mark."
"Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations."
"I would rate the stability as ten out of ten."
"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."
"Netsparker has valuable features, including the ability to scan our website, an interactive approach, and security data integration."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."
"Netsparker provides a more interactive interface that is more appealing."
"The scanner and the result generator are valuable features for us."
"High level of accuracy and quick scanning."
 

Cons

"The setup takes very long."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"It would be great if we could customize the rules to focus on critical issues."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now. Some checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Zero-day vulnerability identification can be an add-on feature that Coverity can provide."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"The solution could use more rules."
"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."
"Invicti takes too long with big applications, and there are issues with the login portal."
"Maybe the ability to make a good reporting format is needed."
"Currently, there is nothing I would like to improve."
"Right now, they are missing the static application security part, especially web application security."
"The solution's false positive analysis and vulnerability analysis libraries could be improved."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"Netsparker doesn't provide the source code of the static application security testing."
 

Pricing and Cost Advice

"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"It is expensive."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"Coverity is quite expensive."
"Offers varying prices for different companies."
"Coverity’s price is on the higher side. It should be lower."
"The solution's pricing is comparable to other products."
"The tool was fairly priced."
"The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate because it has unlimited scan numbers."
"The price should be 20% lower."
"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
"OWASP Zap is free and it has live updates, so that's a big plus."
"I think that price is too high, like other security applications such as Acunetix, WebInspect, and so on."
"It is competitive in the security market."
"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."
"We never had any issues with the licensing; the price was within our assigned limits."
 

Top Industries

By visitors reading reviews

Manufacturing Company: 32%
Computer Software Company: 14%
Financial Services Firm: 7%
Government: 4%

Educational Organization: 36%
Financial Services Firm: 12%
Computer Software Company: 9%
Manufacturing Company: 7%
 

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business
 

Questions from the Community

How would you decide between Coverity and SonarQube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
What is your experience regarding pricing and costs for Netsparker Web Application Security Scanner?
As a technical user, I do not handle pricing or licensing, but I am aware that Invicti offers flexible licensing models based on organizational needs.
What do you like most about Invicti?
The most valuable feature of Invicti is getting baseline scanning and incremental scan.
What needs improvement with Invicti?
Invicti's reporting capabilities need enhancement. We need enterprise-level information instead of repo-level details. Unlike Appiro, Invicti does not provide portfolio-level insights into vulnerab...
 


Also Known As

Synopsys Static Analysis
Netsparker
 


Sample Customers

SAP, Mega International, Thales Alenia Space
Samsung, The Walt Disney Company, T-Systems, ING Bank
Find out what your peers are saying about Coverity vs. Invicti and other solutions. Updated: June 2025.
857,028 professionals have used our research since 2012.