We performed a comparison between Coverity and Fortify Application Defender based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It provides reports about a lot of potential defects."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"This solution is easy to use."
"The most valuable feature is the integration with Jenkins."
"The interface of Coverity is quite good, and it is also easy to use."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"It is a scalable solution."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"Its ability to find security defects is valuable."
"The product saves us cost and time."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The most valuable feature is that it analyzes data in real-time."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"There should be additional IDE support."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"The reporting tool integration process is sometimes slow."
"The setup takes very long."
"Reporting engine needs to be more robust."
"The solution is quite expensive."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The workbench is a little bit complex when you first start using it."
"I encountered many false positives for Python applications."
"Support for older compilers/IDEs is lacking."
"The false positive rate should be lower."
"Fortify Application Defender gives a lot of false positives."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews. Coverity is rated 7.8, while Fortify Application Defender is rated 7.8. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Mend.io, whereas Fortify Application Defender is most compared with Checkmarx One, CAST Application Intelligence Platform, SonarQube, Qualys Web Application Scanning and Fortify on Demand. See our Coverity vs. Fortify Application Defender report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.