We performed a comparison between Coverity and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, Micro Focus Fortify on Demand comes out ahead of Coverity. Although both products have valuable features and can be estimated as high-end solutions, our reviewers found that Coverity is very expensive and has slow support.
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"The solution has improved our code quality and security very well."
"The security analysis features are the most valuable features of this solution."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The solution effectively identifies bugs in code."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"We were very comfortable with the initial setup."
"Fortify on Demand is easy to use and the reporting is good."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"It improves future security scans."
"Speed and efficiency are great features."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"It would be great if we could customize the rules to focus on critical issues."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"Coverity takes a lot of time to dereference null pointers."
"The tool needs to improve its reporting."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"Coverity is not stable."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"I would like the solution to add AI support."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"Fortify on Demand needs to improve its pricing."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"The products must provide better integration with build tools."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Fortify on Demand is ranked 9th in Static Application Security Testing (SAST) with 57 reviews. Coverity is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Coverity is most compared with SonarQube, Klocwork, Checkmarx One, Veracode and Polyspace Code Prover, whereas Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Fortify WebInspect and Snyk. See our Coverity vs. Fortify on Demand report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.