We performed a comparison between Coverity and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Coverity gives advisory and deviation features, which are some of the parts I liked."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The security analysis features are the most valuable features of this solution."
"It has the lowest false positives."
"The reporting feature is up to the mark."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"It is a scalable solution."
"It's great that we can use it with Portswigger Burp."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"Simple to use, good user interface."
"The scalability of this product is very good."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The solution has tightened our security."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"It updates repositories and libraries quickly."
"Coverity takes a lot of time to dereference null pointers."
"The solution's user interface and quality gate could be improved."
"Coverity is not stable."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"SCM integration is very poor in Coverity."
"There should be additional IDE support."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"There isn't too much information about it online."
"The product should allow users to customize the report based on their needs."
"Too many false positives; test reports could be improved."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. Coverity is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and PortSwigger Burp Suite Professional. See our Coverity vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.