• Home
  • Coverity vs. OWASP Zap

Coverity vs OWASP Zap comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo

Coverity

Read 33 Coverity reviews
17,993 views|11,623 comparisons
88% willing to recommend
OWASP Logo

OWASP Zap

Read 37 OWASP Zap reviews
21,564 views|10,271 comparisons
87% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Coverity vs. OWASP Zap
March 2024
Executive Summary

We performed a comparison between Coverity and OWASP Zap based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Coverity vs. OWASP Zap Report (Updated: March 2024).
Download the complete report
768,857 professionals have used our research since 2012.
Featured Review
Estefania Ramirez
Great app analysis, support, and pricing
The product allows us to find vulnerabilities while testing our apps.
AnkithKumar
Great for automating and testing and has tightened our security
The solution has tightened our security and that of our clients who depend on it. If you identify a weakness or a limitation in an application, and... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It has the lowest false positives.""Coverity gives advisory and deviation features, which are some of the parts I liked.""The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans.""The solution effectively identifies bugs in code.""Provides software security, and helps to find potential security bugs or defects.""The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code.""It's very stable.""It provides reports about a lot of potential defects."

More Coverity Pros →

"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool.""They offer free access to some other tools.""Fuzzer and Java APIs help a lot with our custom needs.""The stability of the solution is very good.""This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer.""Automatic updates and pull request analysis.""​It has improved my organization with faster security tests.​""Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."

More OWASP Zap Pros →

Cons
"I would like to see integration with popular IDEs, such as Eclipse.""It would be great if we could customize the rules to focus on critical issues.""The product lacks sufficient customization options.""When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material.""The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming.""We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues.""SCM integration is very poor in Coverity.""Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."

More Coverity Cons →

"Reporting format has no output, is cluttered and very long.""As security evolves, we would like DevOps built into it. As of now, Zap does not provide this.""The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more.""The product should allow users to customize the report based on their needs.""The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed.""Too many false positives; test reports could be improved.""It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results.""Zap could improve by providing better reports for security and recommendations for the vulnerabilities."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "The price is competitive with other solutions."
  • "It is expensive."
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."

    • More Coverity Pricing and Cost Advice →

  • "It is highly recommended as it is an open source tool."
  • "It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
  • "OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
  • "As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
  • "It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
  • "OWASP Zap is free to use."
  • "This app is completely free and open source. So there is no question about any pricing."
  • "This is an open-source solution and can be used free of charge."

    • More OWASP Zap Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    768,857 professionals have used our research since 2012.
    Questions from the Community
    How would you decide between Coverity and Sonarqube?
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    What do you like most about Coverity?
    Top Answer:The solution has improved our code quality and security very well.
    Read all 23 answers   →
    What is your experience regarding pricing and costs for Coverity?
    Top Answer:The tool was fairly priced.
    Read all 20 answers   →
    Is OWASP Zap better than PortSwigger Burp Suite Pro?
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Read all 3 answers   →
    What do you like most about OWASP Zap?
    Top Answer:The ZAP scan and code crawler are valuable features.
    Read all 27 answers   →
    What is your experience regarding pricing and costs for OWASP Zap?
    Top Answer:The tool is open source.
    Read all 16 answers   →
    Ranking
    4th
    out of 67 in Application Security Testing (AST)
    Views
    17,993
    Comparisons
    11,623
    Reviews
    22
    Average Words per Review
    382
    Rating
    8.0
    8th
    out of 67 in Application Security Testing (AST)
    Views
    21,564
    Comparisons
    10,271
    Reviews
    13
    Average Words per Review
    372
    Rating
    7.4
    Comparisons
    SonarQube logo
    SonarQube vs. Coverity
    Compared 51% of the time.
    Klocwork logo
    Klocwork vs. Coverity
    Compared 9% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Coverity
    Compared 6% of the time.
    Checkmarx One logo
    Checkmarx One vs. Coverity
    Compared 6% of the time.
    Veracode logo
    Veracode vs. Coverity
    Compared 5% of the time.
    More Coverity Competitors   →
    SonarQube logo
    SonarQube vs. OWASP Zap
    Compared 20% of the time.
    Acunetix logo
    Acunetix vs. OWASP Zap
    Compared 12% of the time.
    Veracode logo
    Veracode vs. OWASP Zap
    Compared 9% of the time.
    More OWASP Zap Competitors   →
    Also Known As
    Synopsys Static Analysis
    Learn More
    Synopsys
    OWASP
    Overview

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    Sample Customers
    MStar Semiconductor, Alcatel-Lucent
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Top Industries
    REVIEWERS
    Manufacturing Company38%
    Computer Software Company21%
    Comms Service Provider17%
    Retailer8%
    VISITORS READING REVIEWS
    Manufacturing Company28%
    Computer Software Company15%
    Financial Services Firm8%
    Government4%
    REVIEWERS
    Computer Software Company25%
    Financial Services Firm15%
    Retailer10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Comms Service Provider7%
    Government7%
    Company Size
    REVIEWERS
    Small Business17%
    Midsize Enterprise14%
    Large Enterprise69%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise76%
    REVIEWERS
    Small Business22%
    Midsize Enterprise30%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    Buyer's Guide
    Coverity vs. OWASP Zap
    March 2024
    Free Report: Coverity vs. OWASP Zap
    Find out what your peers are saying about Coverity vs. OWASP Zap and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,857 professionals have used our research since 2012.

    Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Coverity is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode. See our Coverity vs. OWASP Zap report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.