We performed a comparison between Coverity and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"It has the lowest false positives."
"This solution is easy to use."
"It's very stable."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"We were very comfortable with the initial setup."
"It is a scalable solution."
"Automatic updates and pull request analysis."
"The most valuable feature is scanning the URL to drill down all the different sites."
"The scalability of this product is very good."
"It has improved my organization with faster security tests."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"It updates repositories and libraries quickly."
"The stability of the solution is very good."
"The interface is easy to use."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"The tool needs to improve its reporting."
"It would be great if we could customize the rules to focus on critical issues."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Reporting engine needs to be more robust."
"There isn't too much information about it online."
"The automated vulnerability assessments that the application performs needs to be simplified as well as diversified."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The reporting feature could be more descriptive."
"The product reporting could be improved."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"The product should allow users to customize the report based on their needs."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Coverity is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and PortSwigger Burp Suite Professional. See our Coverity vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.