We performed a comparison between Coverity and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has the lowest false positives."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"The solution effectively identifies bugs in code."
"Provides software security, and helps to find potential security bugs or defects."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"It's very stable."
"It provides reports about a lot of potential defects."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"They offer free access to some other tools."
"Fuzzer and Java APIs help a lot with our custom needs."
"The stability of the solution is very good."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"Automatic updates and pull request analysis."
"It has improved my organization with faster security tests."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"I would like to see integration with popular IDEs, such as Eclipse."
"It would be great if we could customize the rules to focus on critical issues."
"The product lacks sufficient customization options."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"SCM integration is very poor in Coverity."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"Reporting format has no output, is cluttered and very long."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more."
"The product should allow users to customize the report based on their needs."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"Too many false positives; test reports could be improved."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Coverity is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode. See our Coverity vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.