We performed a comparison between Checkmarx One and Coverity based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It shows in-depth code of where actual vulnerabilities are."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The most valuable feature for me is the Jenkins Plugin."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The setup is fairly easy. We didn't struggle with the process at all."
"The most valuable feature is the simple user interface."
"From my point of view, it is the best product on the market."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"The interface of Coverity is quite good, and it is also easy to use."
"The product has deeper scanning capabilities."
"The product is easy to use."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"We were very comfortable with the initial setup."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"Checkmarx is not good because it has too many false positive issues."
"It is an expensive solution."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"Meta data is always needed."
"I would like to see the DAST solution in the future."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"Its user interface could be improved and made more friendly."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"SCM integration is very poor in Coverity."
"The solution's user interface and quality gate could be improved."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"There should be additional IDE support."
"The setup takes very long."
Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews. Checkmarx One is rated 7.6, while Coverity is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Coverity writes "Best SAST tool to check software quality issues". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Mend.io, whereas Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Veracode and Polyspace Code Prover. See our Checkmarx One vs. Coverity report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.