Try our new research platform with insights from 80,000+ expert users

Coverity vs Mend.io comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
42
Ranking in other categories
Static Application Security Testing (SAST) (4th)
Mend.io
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
30
Ranking in other categories
Application Security Tools (17th), Software Composition Analysis (SCA) (6th), Static Code Analysis (4th), Software Supply Chain Security (2nd)
 

Mindshare comparison

Coverity and Mend.io aren’t in the same category and serve different purposes. Coverity is designed for Static Application Security Testing (SAST) and holds a mindshare of 7.5%, up 6.6% compared to last year.
Mend.io, on the other hand, focuses on Software Composition Analysis (SCA), holds 7.8% mindshare, down 8.6% since last year.
Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Offers impressive reporting features with user-friendliness and high scalability
The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.
meetharoon - PeerSpot reviewer
Enables smooth management of vulnerabilities and promotes a shift towards a culture of security
We have witnessed Mend.io for its high stability, consistently living up to our expectations in terms of performance and reliability. Our developers have reported very few issues and almost minimal to zero downtime, which is a critical factor for our organization to rely on Mend SCA to secure our applications. We didn't experience any major issues in the stability of the product. This level of dependability is crucial for our hundreds of development teams that need to maintain continuous integration and deployment processes without interruptions. We realize the solution's architecture is designed to support a wide range of use cases, making it suitable for organizations of varying sizes and complexities. As a SaaS (Software as a Service) offering, Mend.io eliminates the need for physical server management, which further contributes to its stability. Users can access the platform without worrying about hardware failures or maintenance issues that can affect on-premises solutions. Moreover, Mend.io's integration capabilities with existing workflows—including IDEs, repositories, and CI/CD pipelines—enhance its stability by providing a seamless user experience. This integration allows teams to incorporate security scanning into their development processes without significant disruptions, which is often a challenge with less stable solutions. Feedback from our developers and architects highlights the tool's effectiveness in reducing open-source software vulnerabilities while maintaining a streamlined development lifecycle. Our organization have experienced improved code quality and faster incident response times as a result of using Mend.io. The platform's intuitive dashboard and management views are also praised by our developers for their usability, contributing to a positive user experience. In short, Mend.io stands out as a dependable and reliable solution in the realm of software composition analysis. Its high stability, combined with robust integration capabilities and user-friendly features, makes it an excellent choice for organizations seeking to enhance their security posture while minimizing operational disruptions.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the integration with Jenkins."
"It help us identify the latest security vulnerabilities."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations"
"What I find most effective about Coverity is its low rate of false positives. I've seen other platforms with many false positives, but with Coverity, most vulnerabilities it identifies are genuine. This allows me to focus on real issues."
"Coverity is easy to use and easy to integrate with CI."
"The solution effectively identifies bugs in code."
"The results and the dashboard they provide are good."
"Its ease of use and good results are the most valuable."
"Mend.io is very robust in terms of managing third-party dependencies."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"The dashboard view and the management view are most valuable."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
 

Cons

"There should be additional IDE support."
"The solution could use more rules."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"It would be great if we could customize the rules to focus on critical issues."
"Some features are not performing well, like duplicate detection and switch case situations."
"We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"The initial setup could be simplified."
"AI integration in code security tools like Mend.io is still in its early stages and relatively immature."
"The only thing that I don't find support for on Mend Prioritize is C++."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"The UI is not that friendly and you need to learn how to navigate easily."
 

Pricing and Cost Advice

"The licensing fees are based on the number of lines of code."
"Coverity is quite expensive."
"The solution is affordable."
"The price is competitive with other solutions."
"It is expensive."
"I would rate the tool's pricing a one out of ten."
"The tool was fairly priced."
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"As we were using an SaaS-based service, the solution must be scalable, although my understanding is that this is based on the licensing model one is using."
"WhiteSource is much more affordable than Veracode."
"It is fairly priced."
"We always negotiate for the best price possible, and as far as I know, Mend has done an excellent job with their pricing. Our management is happy with the pricing, which has led to renewals."
"We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price. ​"
"Pricing and licensing are comparable to other tools. When we started, it was less than our existing solution. I can't go into specifics, but it isn't cheap."
"The solution involves a yearly licensing fee."
"Pricing is competitive."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
850,900 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
33%
Computer Software Company
14%
Financial Services Firm
7%
Government
4%
Financial Services Firm
17%
Computer Software Company
15%
Manufacturing Company
12%
Insurance Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
How does WhiteSource compare with SonarQube?
Red Hat Ceph does well in simplifying storage integration by replacing the need for numerous storage solutions. This solution allows for multiple copies of replicated and coded pools to be kept, ea...
How does WhiteSource compare with Black Duck?
We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license compl...
What do you like most about Mend.io?
The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulner...
 

Comparisons

 

Also Known As

Synopsys Static Analysis
WhiteSource, Mend SCA, Mend.io Supply Chain Defender, Mend SAST
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Microsoft, Autodesk, NCR, Target, IBM, vodafone, Siemens, GE digital, KPMG, LivePerson, Jack Henry and Associates
Find out what your peers are saying about Coverity vs. Mend.io and other solutions. Updated: September 2022.
850,900 professionals have used our research since 2012.