We performed a comparison between Coverity and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Coverity gives advisory and deviation features, which are some of the parts I liked."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"It provides reports about a lot of potential defects."
"It has the lowest false positives."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The solution has improved our code quality and security very well."
"The security analysis features are the most valuable features of this solution."
"The reporting part is the most valuable feature."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"Compared to other tools only AppScan supports special language."
"You can easily find particular features and functions through the UI."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"There should be additional IDE support."
"Its price can be improved. Price is always an issue with Synopsys."
"Coverity is not stable."
"The quality of the code needs improvement."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"Reporting engine needs to be more robust."
"The databases for HCL are small and have room for improvement."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"There is room for improvement in the pricing model."
"Scans become slow on large websites."
"The penetration testing feature should be included."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while HCL AppScan is ranked 12th in Application Security Testing (AST) with 39 reviews. Coverity is rated 7.8, while HCL AppScan is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and PortSwigger Burp Suite Professional. See our Coverity vs. HCL AppScan report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.