We performed a comparison between Coverity and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The features I find most valuable is that our entire company can publish the analysis results into our central space."
"The solution has improved our code quality and security very well."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The solution effectively identifies bugs in code."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The interface of Coverity is quite good, and it is also easy to use."
"It provides reports about a lot of potential defects."
"This solution is easy to use."
"Technical support is helpful."
"We are now deploying less defects to production."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"Compared to other tools only AppScan supports special language."
"You can easily find particular features and functions through the UI."
"It was easy to set up."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"Reporting engine needs to be more robust."
"Some features are not performing well, like duplicate detection and switch case situations."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Coverity is not stable."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"AppScan is too complicated and should be made more user-friendly."
"The databases for HCL are small and have room for improvement."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"There is not a central management for static and dynamic."
"They could add a software component analysis tool."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while HCL AppScan is ranked 11th in Static Application Security Testing (SAST) with 41 reviews. Coverity is rated 7.8, while HCL AppScan is rated 7.8. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP Zap. See our Coverity vs. HCL AppScan report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
