We performed a comparison between Checkmarx One and Coverity based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"Scan reviews can occur during the development lifecycle."
"The value you can get out of the speedy production may be worth the price tag."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The interface of Coverity is quite good, and it is also easy to use."
"This solution is easy to use."
"The solution effectively identifies bugs in code."
"The security analysis features are the most valuable features of this solution."
"The solution has improved our code quality and security very well."
"Provides software security, and helps to find potential security bugs or defects."
"Coverity is scalable."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"I would like to see the tool’s pricing improved."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"The reports are good, but they still need to be improved considering what the UI offers."
"I would like to see the DAST solution in the future."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"The setup takes very long."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"It should be easier to specify your own validation routines and sanitation routines."
"The solution could use more rules."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Its price can be improved. Price is always an issue with Synopsys."
"The tool needs to improve its reporting."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews. Checkmarx One is rated 7.6, while Coverity is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Coverity writes "Best SAST tool to check software quality issues". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Mend.io, whereas Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Veracode and Polyspace Code Prover. See our Checkmarx One vs. Coverity report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.