We performed a comparison between Coverity and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The solution effectively identifies bugs in code."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"The interface of Coverity is quite good, and it is also easy to use."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"Being able to scan our applications and identify all codes and defects is an extremely valuable feature."
"The tech support has been very much on the forefront of contacting customers. They help us by making sure all the processes have been outlined and are being followed. They regularly look with us at the whole platform process."
"The SAST and DAST modules are great."
"It scans for the OWASP top-10 security flaws at the dynamic level and, at the static level, it scans for all the warnings so that developers can fix the code before we go to UAT or the next phase."
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
"The time savings has been tremendous. We saw ROI in the first six months."
"Ad-hoc scanning during the development cycle and reports for audits are valuable features."
"The analysis of the vulnerabilities and the results are the most valuable features."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"It would be great if we could customize the rules to focus on critical issues."
"The tool needs to improve its reporting."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"Coverity is not stable."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"SCM integration is very poor in Coverity."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Some features could be improved in terms of user-friendliness."
"The area with the most room for improvement is the speed and responsiveness of the query, as it is usually very slow."
"Searching for applications in Veracode is a little bit difficult. We have to minimize the length of an application's name to 47 characters. It would be good if this limit could be increased so that an application's name can be properly reflected in Veracode."
"Their platform is not consistent. It needs a lot of user experience updates. It's slow performing, and they log you out of the system every 15 minutes, so using the platform is challenging from a developer's perspective because you always have to log in."
"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side."
"The interface is one thing I find a little challenging. Veracode's interface feels a little outdated compared to other solutions, and it could be modernized. I'm mostly happy with the features, but Vercaode could add Docker image scanning."
"The training lab is not very user-friendly and takes a long time to set up."
"It needs better APIs, reporting that I can easily query through the APIs and, preferably, a license model that I can predict."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Coverity is rated 7.8, while Veracode is rated 8.2. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Polyspace Code Prover, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and SonarCloud. See our Coverity vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
