We performed a comparison between Coverity and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Coverity gives advisory and deviation features, which are some of the parts I liked."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"This solution is easy to use."
"Provides software security, and helps to find potential security bugs or defects."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"It provides reports about a lot of potential defects."
"The solution effectively identifies bugs in code."
"We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"Its ease of use and good results are the most valuable."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"The vulnerability analysis is the best aspect of the solution."
"The quality of the code needs improvement."
"Some features are not performing well, like duplicate detection and switch case situations."
"The product lacks sufficient customization options."
"The solution's user interface and quality gate could be improved."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"It would be great if we could customize the rules to focus on critical issues."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"The only thing that I don't find support for on Mend Prioritize is C++."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. Coverity is rated 7.8, while Mend.io is rated 8.4. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand and Checkmarx, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx and GitLab. See our Coverity vs. Mend.io report.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.