Try our new research platform with insights from 80,000+ expert users

Coverity Static vs Qualys Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity Static
Ranking in Static Application Security Testing (SAST)
4th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
Qualys Web Application Scan...
Ranking in Static Application Security Testing (SAST)
9th
Average Rating
7.6
Reviews Sentiment
6.3
Number of Reviews
40
Ranking in other categories
Application Security Tools (13th)
 

Mindshare comparison

As of September 2025, in the Static Application Security Testing (SAST) category, the mindshare of Coverity Static is 6.3%, down from 7.1% compared to the previous year. The mindshare of Qualys Web Application Scanning is 2.1%, up from 2.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Coverity6.3%
Qualys Web Application Scanning2.1%
Other91.6%
Static Application Security Testing (SAST)
 

Featured Reviews

Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…
AnkitSharma13 - PeerSpot reviewer
Web scanning needs improvement but offers good vulnerability detection
The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does. If Qualys Web Application Scanning could improve its crawling capability, it would be more user-friendly. Qualys Web Application Scanning does IP-level testing, requiring direct input of credentials, and can only scan a few pages to provide known generic vulnerabilities, which isn't as beneficial from my point of view. The Vulnerability Management also relies heavily on version numbers and will flag vulnerabilities based on the component version, but it doesn't check if a real fix exists, leading to flags on components that actually have workarounds available.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Provides software security, and helps to find potential security bugs or defects."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"It has the lowest false positives."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"It help us identify the latest security vulnerabilities."
"The product has deeper scanning capabilities."
"It works with many different products."
"By using QualysGuard, we are able to finish external scans with assured results in half the time.​"
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"Qualys Web Application Scanning is robust and mature from industry standards."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
 

Cons

"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"The solution needs to improve its false positives."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"The price is a concern, and there are a lot of false positives coming through."
"SCM integration is very poor in Coverity."
"The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does."
"The virus code updates are not frequent enough."
"The software’s pricing could be improved."
"The support could be faster."
"The downside of Qualys Web Application Scanning is that it cannot crawl automatically."
"The reporting contains too many false positives."
"There should be better visibility into the application."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
 

Pricing and Cost Advice

"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"Offers varying prices for different companies"
"The solution is affordable."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"Coverity’s price is on the higher side. It should be lower."
"The tool was fairly priced."
"The price is competitive with other solutions."
"The solution's pricing is comparable to other products."
"I rate the software’s pricing a six out of ten."
"There are different options available with respect to licensing."
"Qualys WAS' pricing is competitive."
"Qualys Web Application Scanning's pricing is a bit expensive compared to other solutions available in the market."
"The product has a very good licensing model."
"We are on an annual license for the solution and the pricing could be more affordable."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders​."
"The product is expensive, at least initially, in comparison to other products in this category."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
867,445 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
6%
Government
4%
Computer Software Company
15%
Financial Services Firm
14%
Manufacturing Company
11%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise6
Large Enterprise31
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise6
Large Enterprise27
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What is your experience regarding pricing and costs for Qualys Web Application Scanning?
Regarding pricing, I think for personal use, it is costly, but if organizations are ready to pay, then it is fine as they are using it.
What needs improvement with Qualys Web Application Scanning?
The downside of Qualys Web Application Scanning is that it cannot crawl automatically. If I provide an IP address and a login form, it does basic testing, but it doesn't go deep as IBM AppScan does...
 

Also Known As

Synopsys Static Analysis
Qualys WAS
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Find out what your peers are saying about Coverity Static vs. Qualys Web Application Scanning and other solutions. Updated: September 2025.
867,445 professionals have used our research since 2012.