We performed a comparison between Coverity and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It has the lowest false positives."
"The most valuable feature is the integration with Jenkins."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"The reporting feature is up to the mark."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"It works with many different products."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"It is a good product for website penetration testing to detect vulnerabilities."
"The product prevents possible vulnerabilities in our network."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"Coverity takes a lot of time to dereference null pointers."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"Some features are not performing well, like duplicate detection and switch case situations."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now. Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"The tool needs to improve its reporting."
"Reporting engine needs to be more robust."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"There could be better management and faster scanning."
"The product's pricing could be better."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The pricing does not seem to be competitive."
"There should be better visibility into the application."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Qualys Web Application Scanning is ranked 14th in Static Application Security Testing (SAST) with 31 reviews. Coverity is rated 7.8, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.