We performed a comparison between Coverity and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, Micro Focus Fortify on Demand comes out ahead of Coverity. Although both products have valuable features and can be regarded as high-end solutions, our reviewers found that Coverity is very expensive and has slow support.
"The most valuable feature is the integration with Jenkins."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"The product is easy to use."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The feature I find most valuable is that our entire company can publish the analysis results into our central space."
"It's very stable."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"Provides software security, and helps to find potential security bugs or defects."
"It helps deploy and track changes easily as per time-to-time market upgrades."
"We identified a lot of security vulnerabilities much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The solution is user-friendly."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"Its price can be improved. Price is always an issue with Synopsys."
"The product lacks sufficient customization options."
"The solution's user interface and quality gate could be improved."
"I would like to see integration with popular IDEs, such as Eclipse."
"It should be easier to specify your own validation routines and sanitation routines."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"Takes up a lot of resources which can slow things down."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This procedure could improve."
"We have some stability issues, but they are minimal."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while Fortify on Demand is ranked 9th in Application Security Testing (AST) with 56 reviews. Coverity is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". Coverity is most compared with SonarQube, Klocwork, Checkmarx One, Veracode and Polyspace Code Prover, whereas Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Fortify WebInspect and Snyk.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.