We performed a comparison between Coverity and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Provides software security, and helps to find potential security bugs or defects."
"It's very stable."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"The interface of Coverity is quite good, and it is also easy to use."
"It provides reports about a lot of potential defects."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"It is a very stable solution."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"SCM integration is very poor in Coverity."
"It should be easier to specify your own validation routines and sanitation routines."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Some features are not performing well, like duplicate detection and switch case situations."
"The setup takes very long."
"There should be additional IDE support."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"There should be better visibility into the application."
"The pricing does not seem to be competitive."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"In certain cases, this product does have false positives, which the company should work on."
"The solution needs to adjust its pricing. They should make it more affordable."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The support could be faster."
"It should have better automatic reporting."
More Qualys Web Application Scanning Pricing and Cost Advice →
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Qualys Web Application Scanning is ranked 14th in Static Application Security Testing (SAST) with 31 reviews. Coverity is rated 7.8, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, Veracode, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Coverity vs. Qualys Web Application Scanning report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.