We performed a comparison between Coverity and GitHub Code Scanning based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST)."The product has deeper scanning capabilities."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"It has the lowest false positives."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The product is easy to use."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"We use GitHub Code Scanning mostly for source code management."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"I would like to see integration with popular IDEs, such as Eclipse."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"SCM integration is very poor in Coverity."
"The solution's user interface and quality gate could be improved."
"It would be great if we could customize the rules to focus on critical issues."
"GitHub Code Scanning should add more templates."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while GitHub Code Scanning is ranked 20th in Static Application Security Testing (SAST) with 1 review. Coverity is rated 7.8, while GitHub Code Scanning is rated 10.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitHub Code Scanning writes "A highly stable solution that can be used for source code management". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas GitHub Code Scanning is most compared with SonarCloud, SonarQube, Polaris Software Integrity Platform and Veracode.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.