• Home
  • Coverity vs. GitHub Code Scanning

Coverity vs GitHub Code Scanning comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo
Coverity
Read 33 Coverity reviews
17,611 views|11,453 comparisons
88% willing to recommend
GitHub Logo
GitHub Code Scanning
Read 1 GitHub Code Scanning review
190 views|157 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Static Application Security Testing (SAST)
April 2024
Executive Summary

We performed a comparison between Coverity and GitHub Code Scanning based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).
To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: April 2024).
Download the complete report
771,170 professionals have used our research since 2012.
Featured Review
Archana Verma
Provides software security and helps find potential security bugs or defects
Coverity has improved our functionality and efficiency.
AnmolGupta
A highly stable solution that can be used for source code management
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The features I find most valuable is that our entire company can publish the analysis results into our central space.""Coverity gives advisory and deviation features, which are some of the parts I liked.""The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution.""The most valuable feature is the integration with Jenkins.""It provides reports about a lot of potential defects.""I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward.""Coverity is scalable.""Coverity is easy to set up and has a less lengthy process to find vulnerabilities."

More Coverity Pros →

"We use GitHub Code Scanning mostly for source code management."

More GitHub Code Scanning Pros →

Cons
"Some features are not performing well, like duplicate detection and switch case situations.""The quality of the code needs improvement.""Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker.""The product lacks sufficient customization options.""Reporting engine needs to be more robust.""I would like to see integration with popular IDEs, such as Eclipse.""The tool needs to improve its reporting.""The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."

More Coverity Cons →

"GitHub Code Scanning should add more templates."

More GitHub Code Scanning Cons →

Pricing and Cost Advice
  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "The price is competitive with other solutions."
  • "It is expensive."
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."

    • More Coverity Pricing and Cost Advice →

  • "GitHub Code Scanning is a moderately priced solution."

    • More GitHub Code Scanning Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
    See Recommendations
    771,170 professionals have used our research since 2012.
    Questions from the Community
    How would you decide between Coverity and Sonarqube?
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    What do you like most about Coverity?
    Top Answer:The solution has improved our code quality and security very well.
    Read all 23 answers   →
    What is your experience regarding pricing and costs for Coverity?
    Top Answer:The tool was fairly priced.
    Read all 20 answers   →
    What do you like most about GitHub Code Scanning?
    Top Answer:We use GitHub Code Scanning mostly for source code management.
    What is your experience regarding pricing and costs for GitHub Code Scann...
    Top Answer:GitHub Code Scanning is a moderately priced solution. On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a five out of ten. The solution's license is… more »
    What needs improvement with GitHub Code Scanning?
    Top Answer:GitHub Code Scanning should add more templates.
    Ranking
    4th
    out of 67 in Static Application Security Testing (SAST)
    Views
    17,611
    Comparisons
    11,453
    Reviews
    22
    Average Words per Review
    382
    Rating
    8.0
    20th
    out of 67 in Static Application Security Testing (SAST)
    Views
    190
    Comparisons
    157
    Reviews
    1
    Average Words per Review
    337
    Rating
    10.0
    Comparisons
    Also Known As
    Synopsys Static Analysis
    Learn More
    Synopsys
    GitHub
    Overview

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.

    Sample Customers
    MStar Semiconductor, Alcatel-Lucent
    Information Not Available
    Top Industries
    REVIEWERS
    Manufacturing Company36%
    Comms Service Provider20%
    Computer Software Company20%
    Retailer8%
    VISITORS READING REVIEWS
    Manufacturing Company28%
    Computer Software Company16%
    Financial Services Firm8%
    Government4%
    No Data Available
    Company Size
    REVIEWERS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise76%
    No Data Available
    Buyer's Guide
    Static Application Security Testing (SAST)
    April 2024
    Download Free Report
    Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: April 2024.
    DOWNLOAD NOW
    771,170 professionals have used our research since 2012.

    Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while GitHub Code Scanning is ranked 20th in Static Application Security Testing (SAST) with 1 review. Coverity is rated 7.8, while GitHub Code Scanning is rated 10.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitHub Code Scanning writes "A highly stable solution that can be used for source code management". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas GitHub Code Scanning is most compared with SonarCloud, SonarQube, Polaris Software Integrity Platform and Veracode.

    See our list of best Static Application Security Testing (SAST) vendors.

    We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.