• Home
  • Coverity vs. OWASP Zap

Coverity vs OWASP Zap comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo
Coverity
Read 33 Coverity reviews
17,611 views|11,453 comparisons
88% willing to recommend
OWASP Logo
OWASP Zap
Read 37 OWASP Zap reviews
20,743 views|9,827 comparisons
87% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Coverity vs. OWASP Zap
May 2024
Executive Summary

We performed a comparison between Coverity and OWASP Zap based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Coverity vs. OWASP Zap Report (Updated: May 2024).
Download the complete report
770,292 professionals have used our research since 2012.
Featured Review
Estefania Ramirez
Great app analysis, support, and pricing
The product allows us to find vulnerabilities while testing our apps.
Delmain Deyzel
Enables to perform general health checks and ensure the sites are secure
The solution helped identify attacks like Cross-site Scripting and SQL Injection. We can perform general health checks to see if the site is... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited.""Coverity is quite stable and we haven’t had any issues or any downtime.""The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent.""The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data.""The solution effectively identifies bugs in code.""The most valuable feature is the integration with Jenkins.""The interface of Coverity is quite good, and it is also easy to use.""This solution is easy to use."

More Coverity Pros →

"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.""You can run it against multiple targets.""The stability of the solution is very good.""Simple to use, good user interface.""The HUD is a good feature that provides on-site testing and saves a lot of time.""They offer free access to some other tools.""Fuzzer and Java APIs help a lot with our custom needs.""It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."

More OWASP Zap Pros →

Cons
"It would be great if we could customize the rules to focus on critical issues.""I would like to see integration with popular IDEs, such as Eclipse.""The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming.""They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier.""SCM integration is very poor in Coverity.""Ideally, it would have a user-based license that does not have a restriction in the number of lines of code.""Sometimes, vulnerabilities remain unidentified even after setting up the rules.""We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."

More Coverity Cons →

"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word ​list, or manually created.""They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better.""Zap could improve by providing better reports for security and recommendations for the vulnerabilities.""Deployment is somewhat complicated.""There are too many false positives.""OWASP Zap needs to extend to mobile application testing.""There isn't too much information about it online.""It needs more robust reporting tools."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "The price is competitive with other solutions."
  • "It is expensive."
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."

    • More Coverity Pricing and Cost Advice →

  • "It is highly recommended as it is an open source tool."
  • "It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
  • "OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
  • "As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
  • "It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
  • "OWASP Zap is free to use."
  • "This app is completely free and open source. So there is no question about any pricing."
  • "This is an open-source solution and can be used free of charge."

    • More OWASP Zap Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    770,292 professionals have used our research since 2012.
    Questions from the Community
    How would you decide between Coverity and Sonarqube?
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    What do you like most about Coverity?
    Top Answer:The solution has improved our code quality and security very well.
    Read all 23 answers   →
    What is your experience regarding pricing and costs for Coverity?
    Top Answer:The tool was fairly priced.
    Read all 20 answers   →
    Is OWASP Zap better than PortSwigger Burp Suite Pro?
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Read all 3 answers   →
    What do you like most about OWASP Zap?
    Top Answer:The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's… more »
    Read all 28 answers   →
    What is your experience regarding pricing and costs for OWASP Zap?
    Top Answer:The tool is open source.
    Read all 16 answers   →
    Ranking
    4th
    out of 67 in Application Security Testing (AST)
    Views
    17,611
    Comparisons
    11,453
    Reviews
    22
    Average Words per Review
    382
    Rating
    8.0
    7th
    out of 67 in Application Security Testing (AST)
    Views
    20,743
    Comparisons
    9,827
    Reviews
    12
    Average Words per Review
    392
    Rating
    7.6
    Comparisons
    SonarQube logo
    SonarQube vs. Coverity
    Compared 51% of the time.
    Klocwork logo
    Klocwork vs. Coverity
    Compared 9% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Coverity
    Compared 7% of the time.
    Checkmarx One logo
    Checkmarx One vs. Coverity
    Compared 6% of the time.
    Veracode logo
    Veracode vs. Coverity
    Compared 5% of the time.
    More Coverity Competitors   →
    SonarQube logo
    SonarQube vs. OWASP Zap
    Compared 21% of the time.
    Acunetix logo
    Acunetix vs. OWASP Zap
    Compared 13% of the time.
    Veracode logo
    Veracode vs. OWASP Zap
    Compared 9% of the time.
    More OWASP Zap Competitors   →
    Also Known As
    Synopsys Static Analysis
    Learn More
    Synopsys
    OWASP
    Overview

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    Sample Customers
    MStar Semiconductor, Alcatel-Lucent
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Top Industries
    REVIEWERS
    Manufacturing Company36%
    Comms Service Provider20%
    Computer Software Company20%
    Retailer8%
    VISITORS READING REVIEWS
    Manufacturing Company28%
    Computer Software Company16%
    Financial Services Firm8%
    Government4%
    REVIEWERS
    Computer Software Company25%
    Financial Services Firm15%
    Retailer10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government7%
    Comms Service Provider7%
    Company Size
    REVIEWERS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise76%
    REVIEWERS
    Small Business22%
    Midsize Enterprise30%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    Buyer's Guide
    Coverity vs. OWASP Zap
    May 2024
    Free Report: Coverity vs. OWASP Zap
    Find out what your peers are saying about Coverity vs. OWASP Zap and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    770,292 professionals have used our research since 2012.

    Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews. Coverity is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Veracode. See our Coverity vs. OWASP Zap report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.