We performed a comparison between Coverity and GitHub Code Scanning based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Coverity is scalable."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"We were very comfortable with the initial setup."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"We use GitHub Code Scanning mostly for source code management."
"The solution helps identify vulnerabilities by understanding how ports communicate with applications running on a system. Ports are like house numbers; to visit someone's house, you must know their number. Similarly, ports are used to communicate with applications. For example, if you want to use an HTTP web server, you must use port 80. It is the port on which the web application or your server listens for incoming requests."
"SCM integration is very poor in Coverity."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"We'd like it to be faster."
"The solution's user interface and quality gate could be improved."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"GitHub Code Scanning should add more templates."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while GitHub Code Scanning is ranked 22nd in Static Application Security Testing (SAST) with 2 reviews. Coverity is rated 7.8, while GitHub Code Scanning is rated 9.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitHub Code Scanning writes "A highly stable solution that can be used for source code management". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas GitHub Code Scanning is most compared with SonarCloud, SonarQube, Polaris Software Integrity Platform and Veracode. See our Coverity vs. GitHub Code Scanning report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
