• Home
  • Coverity vs. Mend

Coverity vs Mend comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo

Coverity

Read 9 Coverity reviews
21,897 views|15,310 comparisons
Mend Logo

Mend

Read 13 Mend reviews
19,920 views|14,073 comparisons
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Coverity vs. Mend
September 2022
Executive Summary

We performed a comparison between Coverity and Mend based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Coverity vs. Mend Report (Updated: September 2022).
Download the complete report
687,947 professionals have used our research since 2012.
Featured Review
Varun V
Broad integration capacity and works with more languages than some competitors
To automate detection, we use Coverity's static analysis, which has a low false-positive ratio. That's because Coverity's analysis engine includes... Read more →
Jeffrey Harker
Easy to use, great for finding vulnerabilities, and simple to set up
A lot of these functions are development muscles that need to be baked into the actual SDLC process. We can put this on our pipelines and ensure... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Coverity is scalable.""This solution is easy to use.""The app analysis is the most valuable feature as I know other solutions don't have that.""I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be.""We were very comfortable with the initial setup.""One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited.""The solution effectively identifies bugs in code.""The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."

More Coverity Pros →

"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business.""There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it.""The solution is scalable.""WhiteSource helped reduce our mean time to resolution since the adoption of the product.""WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful.""The solution boasts a broad range of features and covers much of what an ideal SCA tool should.""I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow.""The results and the dashboard they provide are good."

More Mend Pros →

Cons
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code.""Coverity is not stable.""The level of vulnerability that this solution covers could be improved compared to other open source tools.""We'd like it to be faster.""The solution is a bit complex to use in comparison to other products that have many plugins.""When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material.""Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better.""The solution could use more rules."

More Coverity Cons →

"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance.""I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022.""I would like to see the static analysis included with the open-source version.""Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't.""Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary.""They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application.""It should support multiple SBOM formats to be able to integrate with old industry standards.""The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."

More Mend Cons →

Pricing and Cost Advice
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."

    • More Coverity Pricing and Cost Advice →

  • "The solution involves a yearly licensing fee."
  • "As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
  • "WhiteSource is much more affordable than Veracode."
  • "This is an expensive solution."
  • "When comparing the price of WhiteSource to the competition it is priced well. The cost for 50 users is approximately $18,000 annually."
  • "Its pricing model is per developer. It depends on the number of developers in the company. The license is for a minimum of 20 developers. So, even if you are a small startup with less than 10 developers, you have to buy a license for 20 developers on a yearly subscription, which makes it quite expensive for startup customers. I provide consultation to startup accelerators. They're small at the beginning, and only once they grow to 20 developers, they can afford this tool. As a result, WhiteSource is missing this target audience. Their licensing is not flexible."
  • "We always negotiate for the best price possible, and as far as I know, Mend has done an excellent job with their pricing. Our management is happy with the pricing, which has led to renewals."
  • "Pricing and licensing are comparable to other tools. When we started, it was less than our existing solution. I can't go into specifics, but it isn't cheap."

    • More Mend Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    687,947 professionals have used our research since 2012.
    Questions from the Community
    How would you decide between Coverity and Sonarqube?
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    What do you like most about Coverity?
    Top Answer:This solution is easy to use.
    Read all 16 answers   →
    What is your experience regarding pricing and costs for Coverity?
    Top Answer:The pricing is very reasonable compared to other platforms. It is based on a three year license.
    Read all 12 answers   →
    How does WhiteSource compare with SonarQube?
    Top Answer:Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, easy… more »
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about WhiteSource?
    Top Answer:The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine.
    Read all 11 answers   →
    Ranking
    8th
    out of 44 in Application Security Testing (AST)
    Views
    21,897
    Comparisons
    15,310
    Reviews
    9
    Average Words per Review
    455
    Rating
    7.8
    4th
    out of 23 in Software Composition Analysis (SCA)
    Views
    19,920
    Comparisons
    14,073
    Reviews
    13
    Average Words per Review
    1,026
    Rating
    8.2
    Comparisons
    SonarQube logo
    SonarQube vs. Coverity
    Compared 62% of the time.
    Veracode logo
    Veracode vs. Coverity
    Compared 7% of the time.
    Klocwork logo
    Klocwork vs. Coverity
    Compared 6% of the time.
    Checkmarx logo
    Checkmarx vs. Coverity
    Compared 5% of the time.
    HCL AppScan logo
    HCL AppScan vs. Coverity
    Compared 1% of the time.
    More Coverity Competitors   →
    + Add more products to compare
    SonarQube logo
    SonarQube vs. Mend
    Compared 20% of the time.
    Black Duck logo
    Black Duck vs. Mend
    Compared 19% of the time.
    Snyk logo
    Snyk vs. Mend
    Compared 16% of the time.
    Veracode logo
    Veracode vs. Mend
    Compared 8% of the time.
    More Mend Competitors   →
    + Add more products to compare
    Also Known As
    Synopsys Static Analysis
    WhiteSource
    Learn More
    Synopsys
    Mend
    Overview

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    Mend is a software composition analysis tool that secures what developers create. The solution provides automated reduction of software attack surface, reduces developer burdens, and accelerates app delivery. Mend provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violations alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend reduce enterprise application security risk, it also helps developers meet deadlines faster.

    Mend Features

    Mend has many valuable key features. Some of the most useful ones include:

    • Vulnerability analysis
    • Automated remediation
    • Seamless integration
    • Business prioritization
    • Limitless scalability
    • Intuitive interface
    • Language support
    • Integration
    • Continuous monitoring
    • Remediation suggestions
    • Customization

    Mend Benefits

    There are many benefits to implementing Mend. Some of the biggest advantages the solution offers include:

    • Easy to use: The Mend platform is very user friendly and easy to set up.
    • Third-party libraries: The solution eases the process of keeping track of all the used third-party dependencies within a product. It not only scans for the pure occurrence (also transitively) but also takes care of licenses and vulnerabilities.
    • Static code analysis: With Mend’s static code analysis, you can quickly identify security weaknesses in custom code across desktop, web, and mobile applications.
    • Broad support: Mend provides 27 different programming languages and various programming frameworks.
    • Easy integration: Mend makes integration very easy with existing DevOps environments and CI/CD pipelines so developers don’t need to manually configure or trigger the scan.
    • Ultra-fast scanning engine: The solution’s scanning engine generates results up to ten times faster than legacy SAST solutions.
    • Unified developer experience: Mend has a unified developer experience inside the code repository that shows side-by-side security alerts and remediation suggestions for custom code and open-source code.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Mend solution.

    Jeffrey H., System Manager of Cloud Engineering at Common Spirit, says, “Finding vulnerabilities is pretty easy. Mend (formerly WhiteSource) does a great job of that and we had quite a few when we first put this in place. Mend does a very good job of finding the open-source, checking the versions, and making sure they're secure. They notify us of critical high, medium, and low impacts, and if anything is wrong. We find the product very easy to use and we use it as a core part of our strategy for scanning product code moving toward release.”

    PeerSpot reviewer Ben D., Head of Software Engineering at a legal firm, mentions, “The way WhiteSource scans the code is great. It’s easy to identify and remediate open source vulnerabilities using this solution. WhiteSource helped reduce our mean time to resolution since we adopted the product. In terms of integration, it's pretty easy.”

    An IT Service Manager at a wholesaler/distributor comments, “Mend provides threat detection and an excellent UI in a highly stable solution, with outstanding technical support.”

    Another reviewer, Kevin D., Intramural OfficialIntramural at Northeastern University, states, "The vulnerability analysis is the best aspect of the solution."

    Offer
    Learn more about Coverity
    Learn More
    Learn more about Mend
    Learn More
    Sample Customers
    MStar Semiconductor, Alcatel-Lucent
    Microsoft, Autodesk, NCR, Forgerock, The Home Depot, Bosch, IBM, GE digital, KPMG, LivePerson, Jack Henry and Associates
    Top Industries
    REVIEWERS
    Comms Service Provider20%
    Manufacturing Company20%
    Computer Software Company20%
    Government10%
    VISITORS READING REVIEWS
    Manufacturing Company22%
    Computer Software Company19%
    Financial Services Firm6%
    Comms Service Provider6%
    REVIEWERS
    Computer Software Company33%
    Financial Services Firm11%
    Wholesaler/Distributor6%
    University6%
    VISITORS READING REVIEWS
    Computer Software Company22%
    Financial Services Firm13%
    Manufacturing Company8%
    Comms Service Provider7%
    Company Size
    REVIEWERS
    Small Business16%
    Midsize Enterprise16%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise75%
    REVIEWERS
    Small Business35%
    Midsize Enterprise8%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise68%
    Buyer's Guide
    Coverity vs. Mend
    September 2022
    Free Report: Coverity vs. Mend
    Find out what your peers are saying about Coverity vs. Mend and other solutions. Updated: September 2022.
    DOWNLOAD NOW
    687,947 professionals have used our research since 2012.

    Coverity is ranked 8th in Application Security Testing (AST) with 9 reviews while Mend is ranked 4th in Software Composition Analysis (SCA) with 13 reviews. Coverity is rated 7.8, while Mend is rated 8.2. The top reviewer of Coverity writes "Broad integration capacity and works with more languages than some competitors". On the other hand, the top reviewer of Mend writes "Easy to use, great for finding vulnerabilities, and simple to set up". Coverity is most compared with SonarQube, Veracode, Klocwork, Checkmarx and HCL AppScan, whereas Mend is most compared with SonarQube, Black Duck, Snyk, Veracode and Micro Focus Fortify on Demand. See our Coverity vs. Mend report.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.