We performed a comparison between Checkmarx One and Coverity based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is a stable product."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The most valuable feature is the simple user interface."
"The only thing I like is that Checkmarx does not need to compile."
"The security analysis features are the most valuable features of this solution."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"This solution is easy to use."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"The solution's user interface could be improved because it seems outdated."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"Its price can be improved. Price is always an issue with Synopsys."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"There should be additional IDE support."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The setup takes very long."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"Coverity takes a lot of time to dereference null pointers."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews. Checkmarx One is rated 7.6, while Coverity is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Coverity writes "Best SAST tool to check software quality issues". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Mend.io, whereas Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Veracode and Polyspace Code Prover.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.