Coverity vs GitGuardian Platform comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo
18,401 views|11,920 comparisons
GitGuardian Logo
2,158 views|374 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Coverity and GitGuardian Platform based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Coverity vs. GitGuardian Platform Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We were very comfortable with the initial setup.""The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time.""The interface of Coverity is quite good, and it is also easy to use.""The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data.""Coverity is quite stable and we haven’t had any issues or any downtime.""The most valuable feature is the integration with Jenkins.""The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at.""Provides software security, and helps to find potential security bugs or defects."

More Coverity Pros →

"The most valuable feature of GitGuardian is that it finds tokens and passwords. That's why we need this tool. It minimizes the possibility of security violations that we cannot find on our own.""The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great.""The entire GitGuardian solution is valuable. The product is doing its job and showing us many things. We get many false positives, but the ability to automatically display potential leaks when developers commit is valuable. The dashboards show you recent and historical commits, and we have a full scan that shows historical leaked secrets.""I like that GitGuardian automatically notifies the developer who committed the change. The security team doesn't need to act as the intermediary and tell the developer there is an alert. The alert goes directly to the developer.""You can also assign tasks to specific teams or people to complete, such as assigning something to the "blue team" or saying that this person needs to do this, and that person needs to do that. That is a great feature because you can actually manage your team internally in GitGuardian.""GitGuardian Internal Monitoring has helped increase our secrets detection rate by several orders of magnitude. This is a hard metric to get. For example, if we knew what our secrets were and where they were, we wouldn't need GitGuardian or these types of solutions. There could be a million more secrets that GitGuardian doesn't detect, but it is basically impossible to find them by searching for them.""I like GitGuardian's instant response. When you have an incident, it's reported immediately. The interface gives you a great overview of your current leaked secrets.""The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there."

More GitGuardian Platform Pros →

Cons
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material.""The product should include more customization options. The analytics is not as deep as compared to SonarQube.""The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming.""Its price can be improved. Price is always an issue with Synopsys.""It should be easier to specify your own validation routines and sanitation routines.""I would like to see integration with popular IDEs, such as Eclipse.""Coverity takes a lot of time to dereference null pointers.""Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."

More Coverity Cons →

"GitGuardian encompasses many secrets that companies might have, but we are a Microsoft-only organization, so there are some limitations there in terms of their honey tokens. I'd like for it to not be limited to Amazon-based tokens. It would be nice to see a broader set of providers that you could pick from.""I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing.""It would be nice if they supported detecting PII or had some kind of data loss prevention feature.""For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives.""We have encountered occasional difficulties with the Single Sign-On process.""They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers.""Other solutions have a live chat feature that provides instant results. Waiting for an agent to reply to an email is less ideal than an instant conversation with a support employee. That's a complaint so minor I almost hesitate to mention it.""The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a quote took two or three weeks. We paid for it in December but have not settled that payment yet."

More GitGuardian Platform Cons →

Pricing and Cost Advice
  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "The price is competitive with other solutions."
  • "It is expensive."
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."
  • More Coverity Pricing and Cost Advice →

  • "We don't have a huge number of users, but its yearly rate was quite reasonable when compared to other per-seat solutions that we looked at... Having a free plan for a small number of users was really great. If you're a small team, I don't see why you wouldn't want to get started with it."
  • "It's a little bit expensive."
  • "You get what you pay for. It's one of the more expensive solutions, but it is very good, and the low false positive rate is a really appealing factor."
  • "The pricing and licensing are fair. It isn't very expensive and it's good value."
  • "The internal side is cheap per user. It is annual pricing based on the number of users."
  • "We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
  • "It could be cheaper. When GitHub secrets monitoring solution goes to general access and general availability, GitGuardian might be in a little bit of trouble from the competition, and maybe then they might lower their prices. The GitGuardian solution is great. I'm just concerned that they're not GitHub."
  • "It's not cheap, but it's not crazy expensive either."
  • More GitGuardian Platform Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    Top Answer:The solution has improved our code quality and security very well.
    Top Answer:It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smaller… more »
    Top Answer:The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a… more »
    Top Answer:GitGuardian had a really nice feature that allowed you to compare all the public GitHub repositories against your code base and see if your code leaked. They discontinued it for some reason about… more »
    Ranking
    Views
    18,401
    Comparisons
    11,920
    Reviews
    22
    Average Words per Review
    382
    Rating
    8.0
    Views
    2,158
    Comparisons
    374
    Reviews
    11
    Average Words per Review
    1,456
    Rating
    9.0
    Comparisons
    Also Known As
    Synopsys Static Analysis
    GitGuardian Internal Monitoring
    Learn More
    Interactive Demo
    Overview

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

    Widely adopted by developer communities, GitGuardian is used by more than 500,000 developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.

    GitGuardian Platform includes automated secrets detection and remediation. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

    Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

    GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.

    The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, Gitlab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.

    Sample Customers
    MStar Semiconductor, Alcatel-Lucent
    Automox, 66degrees (ex Cloudbakers), Iress, Now:Pensions, Payfit, Orange, BouyguesTelecom, Seequent, Stedi, Talend, Snowflake... 
    Top Industries
    REVIEWERS
    Manufacturing Company36%
    Computer Software Company23%
    Comms Service Provider14%
    Retailer9%
    VISITORS READING REVIEWS
    Manufacturing Company27%
    Computer Software Company16%
    Financial Services Firm7%
    Government5%
    REVIEWERS
    Computer Software Company25%
    Insurance Company13%
    Comms Service Provider13%
    Wholesaler/Distributor13%
    VISITORS READING REVIEWS
    Comms Service Provider23%
    Computer Software Company12%
    Financial Services Firm10%
    Media Company8%
    Company Size
    REVIEWERS
    Small Business18%
    Midsize Enterprise15%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business13%
    Midsize Enterprise10%
    Large Enterprise76%
    REVIEWERS
    Small Business36%
    Midsize Enterprise32%
    Large Enterprise32%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise12%
    Large Enterprise64%
    Buyer's Guide
    Coverity vs. GitGuardian Platform
    March 2024
    Find out what your peers are saying about Coverity vs. GitGuardian Platform and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while GitGuardian Platform is ranked 6th in Application Security Testing (AST) with 21 reviews. Coverity is rated 7.8, while GitGuardian Platform is rated 9.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx and Veracode, whereas GitGuardian Platform is most compared with SonarQube, Cycode, Snyk, GitHub Advanced Security and Veracode. See our Coverity vs. GitGuardian Platform report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.