We performed a comparison between Coverity and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"Coverity is scalable."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"The interface of Coverity is quite good, and it is also easy to use."
"It has the lowest false positives."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"Technical support is helpful."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The reporting part is the most valuable feature."
"It was easy to set up."
"You can easily find particular features and functions through the UI."
"SCM integration is very poor in Coverity."
"Reporting engine needs to be more robust."
"Coverity takes a lot of time to dereference null pointers."
"The tool needs to improve its reporting."
"There should be additional IDE support."
"We'd like it to be faster."
"The setup takes very long."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Sometimes it doesn't work so well."
"The pricing has room for improvement."
"There is not a central management for static and dynamic."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"They could add a software component analysis tool."
"They have to improve support."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while HCL AppScan is ranked 12th in Application Security Testing (AST) with 40 reviews. Coverity is rated 7.8, while HCL AppScan is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Checkmarx One. See our Coverity vs. HCL AppScan report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.