We performed a comparison between Coverity and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"The security analysis features are the most valuable features of this solution."
"It is a scalable solution."
"The product is easy to use."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The interface of Coverity is quite good, and it is also easy to use."
"We are now deploying less defects to production."
"I like the recording feature."
"We use it as a security testing application."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"Technical support is helpful."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The most valuable feature of the solution is the scanning or security part."
"The most valuable feature of the solution is Postman."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Reporting engine needs to be more robust."
"The product lacks sufficient customization options."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"The tool needs to improve its reporting."
"The setup takes very long."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"Many silly false positives are produced."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"A desktop version should be added."
"There are so many lines of code with so many different categories that I am likely to get lost."
"They have to improve support."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while HCL AppScan is ranked 11th in Static Application Security Testing (SAST) with 41 reviews. Coverity is rated 7.8, while HCL AppScan is rated 7.8. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP Zap.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.