We performed a comparison between Coverity and GitHub Code Scanning based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."The features I find most valuable is that our entire company can publish the analysis results into our central space."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The most valuable feature is the integration with Jenkins."
"It provides reports about a lot of potential defects."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"Coverity is scalable."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"We use GitHub Code Scanning mostly for source code management."
"Some features are not performing well, like duplicate detection and switch case situations."
"The quality of the code needs improvement."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"The product lacks sufficient customization options."
"Reporting engine needs to be more robust."
"I would like to see integration with popular IDEs, such as Eclipse."
"The tool needs to improve its reporting."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"GitHub Code Scanning should add more templates."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while GitHub Code Scanning is ranked 20th in Static Application Security Testing (SAST) with 1 review. Coverity is rated 7.8, while GitHub Code Scanning is rated 10.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitHub Code Scanning writes "A highly stable solution that can be used for source code management". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas GitHub Code Scanning is most compared with SonarCloud, SonarQube, Polaris Software Integrity Platform and Veracode.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.