We performed a comparison between Coverity and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is a scalable solution."
"The product is easy to use."
"It's very stable."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The security analysis features are the most valuable features of this solution."
"The most valuable feature is the integration with Jenkins."
"It has the lowest false positives."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The security and the dashboard are the most valuable features."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"We are now deploying fewer defects to production."
"Technical support is helpful."
"The static scans are good, and the SaaS as well."
"It was easy to set up."
"The most valuable feature of the solution is Postman."
"I would like to see integration with popular IDEs, such as Eclipse."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"Coverity takes a lot of time to dereference null pointers."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now. Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"SCM integration is very poor in Coverity."
"The solution's user interface and quality gate could be improved."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"There is room for improvement in the pricing model."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"There are so many lines of code with so many different categories that I am likely to get lost."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while HCL AppScan is ranked 12th in Static Application Security Testing (SAST) with 41 reviews. Coverity is rated 7.8, while HCL AppScan is rated 7.8. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and PortSwigger Burp Suite Professional.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.