We performed a comparison between Coverity and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The solution has improved our code quality and security very well."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"We were very comfortable with the initial setup."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"The feature I find most valuable is that our entire company can publish the analysis results into our central space."
"It is a scalable solution."
"It provides reports about a lot of potential defects."
"You can download different plugins if you don't have them in the standard edition."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"The solution helped us discover vulnerabilities in our applications."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"It is a time-saver application."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"Coverity takes a lot of time to dereference null pointers."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could still be easier."
"I would like to see integration with popular IDEs, such as Eclipse."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"As with most automated security tools, too many false positives."
"One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"There is not much automation in the tool."
"The initial setup is a bit complex."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while PortSwigger Burp Suite Professional is ranked 5th in Static Application Security Testing (SAST) with 57 reviews. Coverity is rated 7.8, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.