Try our new research platform with insights from 80,000+ expert users

Coverity vs Qualys Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity
Ranking in Static Application Security Testing (SAST)
4th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
Qualys Web Application Scan...
Ranking in Static Application Security Testing (SAST)
9th
Average Rating
7.6
Reviews Sentiment
6.3
Number of Reviews
40
Ranking in other categories
Application Security Tools (13th)
 

Mindshare comparison

As of September 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 6.3%, down from 7.1% compared to the previous year. The mindshare of Qualys Web Application Scanning is 2.1%, up from 2.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Coverity6.3%
Qualys Web Application Scanning2.1%
Other91.6%
Static Application Security Testing (SAST)
 

Featured Reviews

Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…
AnkitSharma13 - PeerSpot reviewer
Web scanning needs improvement but offers good vulnerability detection
The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does. If Qualys Web Application Scanning could improve its crawling capability, it would be more user-friendly. Qualys Web Application Scanning does IP-level testing, requiring direct input of credentials, and can only scan a few pages to provide known generic vulnerabilities, which isn't as beneficial from my point of view. The Vulnerability Management also relies heavily on version numbers and will flag vulnerabilities based on the component version, but it doesn't check if a real fix exists, leading to flags on components that actually have workarounds available.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"It provides reports about a lot of potential defects."
"Coverity integrates with issue-tracking systems like Jira and provides email notifications, alerts, and other features."
"In my opinion, the most effective Coverity feature for identifying critical vulnerabilities is the extra checks, which offers deep analysis."
"It has the lowest false positives."
"The interface of Coverity is quite good, and it is also easy to use."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"What I find most effective about Coverity is its low rate of false positives. I've seen other platforms with many false positives, but with Coverity, most vulnerabilities it identifies are genuine. This allows me to focus on real issues."
"Qualys Web Application Scanning is user-friendly, easy to understand, easy to use, and easy to deploy."
"​We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues.​"
"The tool links vulnerabilities with DDIs and gives a complete overview of the application. The continuous monitoring capability is good."
"The advantage of Qualys Web Application Scanning lies in its user-friendly dashboard and appealing reports, which are useful for presentation to leadership."
"By using QualysGuard, we are able to finish external scans with assured results in half the time.​"
"​QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations.​"
"The advantage of Qualys Web Application Scanning lies in its user-friendly dashboard and appealing reports, which are useful for presentation to leadership."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
 

Cons

"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"There should be better visibility into the application."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does."
"They should try to include business logic vulnerabilities in the scanner testing."
 

Pricing and Cost Advice

"I would rate the pricing a six out of ten, where one is low, and ten is high price."
"Coverity is very expensive."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
"The pricing is very reasonable compared to other platforms. It is based on a three year license."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"The licensing fees are based on the number of lines of code."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"We are on an annual license for the solution and the pricing could be more affordable."
"Try the free trial of the product to understand the basic working mechanisms.​"
"We normally purchase an annual license."
"It is an expensive platform."
"The product pricing is fair and reasonably priced."
"Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved."
"I rate the software’s pricing a six out of ten."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
866,685 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
6%
Government
4%
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
11%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise6
Large Enterprise31
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise6
Large Enterprise27
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What is your experience regarding pricing and costs for Qualys Web Application Scanning?
The price of Qualys Web Application Scanning is reasonable compared to other vendors. Qualys Web Application Scanning is priced per application rather than per user.
What needs improvement with Qualys Web Application Scanning?
I have experience with adaptive scanning for single-page applications, which was not very effective. Generally, comparing with other tools, Qualys Web Application Scanning still needs to improve on...
 

Also Known As

Synopsys Static Analysis
Qualys WAS
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Find out what your peers are saying about Coverity vs. Qualys Web Application Scanning and other solutions. Updated: July 2025.
866,685 professionals have used our research since 2012.