We performed a comparison between Coverity and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"It is a scalable solution."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"We were very comfortable with the initial setup."
"The most valuable feature is the integration with Jenkins."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The reporting part is the most valuable feature."
"The product has valuable features for static and dynamic testing."
"This solution saves us time due to the low number of false positives detected."
"The UI was very intuitive."
"We are now deploying fewer defects to production."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"The solution is easy to use."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"Its price can be improved. Price is always an issue with Synopsys."
"SCM integration is very poor in Coverity."
"Some features are not performing well, like duplicate detection and switch case situations."
"There should be additional IDE support."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"They have to improve support."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"The product has some technical limitations."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"They should have a better UI for dashboards."
"Many silly false positives are produced."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while HCL AppScan is ranked 12th in Application Security Testing (AST) with 39 reviews. Coverity is rated 7.8, while HCL AppScan is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and PortSwigger Burp Suite Professional.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.