We performed a comparison between Coverity and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"The product has deeper scanning capabilities."
"The interface of Coverity is quite good, and it is also easy to use."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"It's very stable."
"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"For us, the most valuable tool was open-source licensing analysis."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"The dashboard view and the management view are most valuable."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"SCM integration is very poor in Coverity."
"The quality of the code needs improvement."
"I would like to see integration with popular IDEs, such as Eclipse."
"Some features are not performing well, like duplicate detection and switch case situations."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"It should be easier to specify your own validation routines and sanitation routines."
"Its price can be improved. Price is always an issue with Synopsys."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"The dashboard UI and UX are problematic."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"Make the product available in a very stable way for other web browsers."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. Coverity is rated 7.8, while Mend.io is rated 8.4. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand and Checkmarx One, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and GitLab.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.