We performed a comparison between Coverity and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product is easy to use."
"It has the lowest false positives."
"The security analysis features are the most valuable features of this solution."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The most valuable feature is the integration with Jenkins."
"This solution is easy to use."
"The interface of Coverity is quite good, and it is also easy to use."
"The solution has improved our code quality and security very well."
"It is easy to use."
"It is a cloud-based solution, so it is easy to scale."
"This product is designed for easy scalability and can easily scale up without major challenges."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"The product prevents possible vulnerabilities in our network."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"Reporting engine needs to be more robust."
"Coverity takes a lot of time to dereference null pointers."
"The tool needs to improve its reporting."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"There should be additional IDE support."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"The product lacks sufficient customization options."
"Its price can be improved. Price is always an issue with Synopsys."
"The solution needs to adjust its pricing. They should make it more affordable."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"The product's pricing could be better."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"The scanner reports a lot of false positives, which is something that needs to be improved."
More Qualys Web Application Scanning Pricing and Cost Advice →
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Qualys Web Application Scanning is ranked 14th in Static Application Security Testing (SAST) with 31 reviews. Coverity is rated 7.8, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Coverity vs. Qualys Web Application Scanning report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.