We performed a comparison between Coverity and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a scalable solution."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"It has the lowest false positives."
"The product is easy to use."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"For us, the most valuable tool was open-source licensing analysis."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"The dashboard view and the management view are most valuable."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"It should be easier to specify your own validation routines and sanitation routines."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"Coverity is not stable."
"The tool needs to improve its reporting."
"There should be additional IDE support."
"Its price can be improved. Price is always an issue with Synopsys."
"The setup takes very long."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"We have ended our relationship with WhiteSource. We were using an agent that we built in the pipeline so that you can scan the projects during build time. But unfortunately, that agent didn't work at all. We have more than 500 projects, and it doubled or tripled the build time. For other projects, we had the failure of the builds without any known reason. It was not usable at all. We spent maybe one year working on the issues to try to make it work, but it didn't in the end. We should be able to integrate it with ID and Shift Left so that the developers are able to see the scan results without waiting for the build to fail."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"We have been looking at how we could improve the automation to human involvement ratio from 60:40 to 70:30, or even potentially 80:20, as there is room for improvement here. We are discussing this internally and with Mend; they are very accommodating to us. We think they openly receive our feedback and do their best to implement our thoughts into the roadmap."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"Make the product available in a very stable way for other web browsers."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. Coverity is rated 7.8, while Mend.io is rated 8.4. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand and Checkmarx One, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and GitLab. See our Coverity vs. Mend.io report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.