We performed a comparison between Coverity and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"The solution effectively identifies bugs in code."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"For our rapid, secure DevOps cycle, we have integration of the Veracode API into our build tool, and Greenlight into our IDE."
"The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline."
"The article scanning is excellent."
"Scanning of .war and .jar is key for us."
"The integration capabilities with our existing development tools are very good."
"Veracode creates a list of issues. You can go through them one by one and click through to a new window with all the information about the issue discovered."
"The automation of Veracode is great because we no longer have to run manual testing."
"There should be additional IDE support."
"It should be easier to specify your own validation routines and sanitation routines."
"Reporting engine needs to be more robust."
"SCM integration is very poor in Coverity."
"Its price can be improved. Price is always an issue with Synopsys."
"The setup takes very long."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"I would like to see integration with popular IDEs, such as Eclipse."
"The interface is one thing I find a little challenging. Veracode's interface feels a little outdated compared to other solutions, and it could be modernized. I'm mostly happy with the features, but Veracode could add Docker image scanning."
"Sometimes, I get feedback from a developer saying, 'They are scanning a Python code, but getting feedback around Java code.' While the remediation and guidelines are there, improvement is still required, e.g., you won't get the exact guidelines, but you can get some sort of high-level insights."
"The JIRA integration automation aspect of it could be improved significantly. We want to have a way to create tickets that are going to allow people to work through those flaws that we're finding. We don't want people to feel like they're missing out on something or that they're not following directions in the right way."
"Veracode should make it easier to navigate between the solutions that they offer, i.e. between dynamic, static, and the source code analysis."
"In some cases we use their APIs; they're not as rich as I would like."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."
"Scanning progress is highly dependent on the speed of the Internet."
"From what we have seen of Veracode's SCA offering, it is just average."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Coverity is rated 7.8, while Veracode is rated 8.2. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Polyspace Code Prover, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and SonarCloud.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.