We performed a comparison between Coverity and Invicti based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"Provides software security, and helps to find potential security bugs or defects."
"The product is easy to use."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"Coverity is scalable."
"It's very stable."
"One of the features I like about this program is the low number of false positives and the support it offers."
"When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done."
"The dashboard is really cool, and the features are really good. It tells you about the software version you're using in your web application. It gives you the entire technology stack, and that really helps. Both web and desktop apps are good in terms of application scanning. It has a lot of security checks that are easily customizable as per your requirements. It also has good customer support."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."
"The scanner and the result generator are valuable features for us."
"The solution generates reports automatically and quickly."
"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"It should be easier to specify your own validation routines and sanitation routines."
"I would like to see integration with popular IDEs, such as Eclipse."
"Coverity takes a lot of time to dereference null pointers."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"We'd like it to be faster."
"The reporting tool integration process is sometimes slow."
"The tool needs to improve its reporting."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."
"The scannings are not sufficiently updated."
"The higher level vulnerabilities like Cross-Site Scripting, SQL Injection, and other higher level injection attacks are difficult to highlight using Netsparker."
"The proxy review, the use report views, the current use tool and the subset requests need some improvement. It was hard to understand how to use them."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Netsparker doesn't provide the source code of the static application security testing."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Invicti is ranked 15th in Static Application Security Testing (SAST) with 25 reviews. Coverity is rated 7.8, while Invicti is rated 8.2. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Fortify WebInspect. See our Coverity vs. Invicti report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.