We performed a comparison between Coverity and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"It's very stable."
"The product is easy to use."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"The interface of Coverity is quite good, and it is also easy to use."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"The solution is scalable."
"Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"We set the solution up and enabled it and we had everything running pretty quickly."
"The quality of the code needs improvement."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"The tool needs to improve its reporting."
"SCM integration is very poor in Coverity."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"Make the product available in a very stable way for other web browsers."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"The UI is not that friendly and you need to learn how to navigate easily."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"The UI can be slow once in a while, and we're not sure if it's because of the amount of data we have, or it is just a slow product, but it would be nice if it could be improved."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. Coverity is rated 7.8, while Mend.io is rated 8.4. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand and Checkmarx One, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and GitLab. See our Coverity vs. Mend.io report.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.