We performed a comparison between Coverity and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The app analysis is the most valuable feature as I know other solutions don't have that."
"We were very comfortable with the initial setup."
"It provides reports about a lot of potential defects."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"Provides software security, and helps to find potential security bugs or defects."
"It's very stable."
"The solution is easy to use."
"It was easy to set up."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The most valuable feature of the solution is the scanning or security part."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"This is a stable solution."
"It is easy to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The most valuable feature of the solution is Postman."
"SCM integration is very poor in Coverity."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"Some features are not performing well, like duplicate detection and switch case situations."
"Coverity is not stable."
"It would be great if we could customize the rules to focus on critical issues."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"I would like to see integration with popular IDEs, such as Eclipse."
"Visibility is an issue for us. Our partners do not know we have integrations with some IBM products."
"AppScan is too complicated and should be made more user-friendly."
"They have to improve support."
"It has crashed at times."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"There is not a central management for static and dynamic."
"Improvement can be done as per customer requirements."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while HCL AppScan is ranked 12th in Static Application Security Testing (SAST) with 41 reviews. Coverity is rated 7.8, while HCL AppScan is rated 7.8. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP Zap. See our Coverity vs. HCL AppScan report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.