We performed a comparison between Coverity and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, Micro Focus Fortify on Demand comes out ahead of Coverity. Although both products have valuable features and can be regarded as high-end solutions, our reviewers found that Coverity is very expensive and has slow support.
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"The security analysis features are the most valuable features of this solution."
"The product has deeper scanning capabilities."
"The feature I find most valuable is that our entire company can publish the analysis results into our central space."
"Coverity is scalable."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"The most valuable feature is the integration with Jenkins."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA."
"It's a stable and scalable solution."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"What stands out to me is the user-friendliness of each feature."
"The SAST feature is the most valuable."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The quality of application security testing reduces risk and gives very few false positives."
"The solution's user interface and quality gate could be improved."
"The setup takes very long."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now. Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Coverity takes a lot of time to dereference null pointers."
"Its price can be improved. Price is always an issue with Synopsys."
"The product lacks sufficient customization options."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews, while Fortify on Demand is ranked 9th in Application Security Testing (AST) with 56 reviews. Coverity is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". Coverity is most compared with SonarQube, Klocwork, Checkmarx One, Veracode and Polyspace Code Prover, whereas Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Fortify WebInspect and Snyk.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.