We performed a comparison between Coverity and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, Micro Focus Fortify on Demand comes out ahead of Coverity. Although both products have valuable features and can be estimated as high-end solutions, our reviewers found that Coverity is very expensive and has slow support.
"Coverity is quite stable and we haven’t had any issues or any downtime."
"This solution is easy to use."
"The interface of Coverity is quite good, and it is also easy to use."
"The security analysis features are the most valuable features of this solution."
"It is a scalable solution."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"It's very stable."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"Fortify on Demand can be scaled very easily."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"The SAST feature is the most valuable."
"The solution is very fast."
"It improves future security scans."
"The installation was easy."
"The product lacks sufficient customization options."
"We'd like it to be faster."
"Reporting engine needs to be more robust."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The solution could use more rules."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"Fortify on Demand could be improved with support in Russia."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while Fortify on Demand is ranked 9th in Application Security Testing (AST) with 56 reviews. Coverity is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Coverity is most compared with SonarQube, Klocwork, Checkmarx One, Veracode and Polyspace Code Prover, whereas Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Fortify WebInspect and Snyk. See our Coverity vs. Fortify on Demand report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.