We performed a comparison between Coverity and Kiuwan based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The reporting feature is up to the mark."
"The product is easy to use."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"The solution effectively identifies bugs in code."
"The solution has a continuous integration process."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"The solution offers very good technical support."
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report."
"I have found the security and QA in the source code to be most valuable."
"The feature that I have found the most valuable in Kiuwan is the speed of scanning. Compared to other SaaS tools I have used, Kiuwan is much quicker in performing scans. I have not yet used it on a large code base, but from what I have experienced, it is efficient and accurate. Additionally, I have used it both manually and in an automated pipeline, and both methods have been effective. The speed of scanning is what makes it valuable to me."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"The solution could use more rules."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now. Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"The product lacks sufficient customization options."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."
"Kiuwan's support has room for improvement. You can only open a ticket through email, and the support team is outside of our country. They should have a support number or chat."
"The QA developer and security could be improved."
"The product's UI has certain shortcomings, where improvements are required."
"I would like to see additional languages supported."
"I would like to see better integration with the Visual Studio and Eclipse IDEs."
"It would be beneficial to streamline calls and transitions seamlessly for improved functionality."
"In Kiuwan there are sometimes duplicates found in the dependency scan under the "insights" tab. It's unclear to me why these duplicates are appearing, and it would be helpful if the application teams could investigate further."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Kiuwan is ranked 16th in Static Application Security Testing (SAST) with 23 reviews. Coverity is rated 7.8, while Kiuwan is rated 8.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Kiuwan writes "Though a stable tool, the UI needs improvement". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas Kiuwan is most compared with SonarQube, Checkmarx One, Snyk, Veracode and Fortify on Demand. See our Coverity vs. Kiuwan report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.