We performed a comparison between Coverity and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a scalable solution."
"It's very stable."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"Coverity is scalable."
"We were very comfortable with the initial setup."
"The solution effectively identifies bugs in code."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The solution has improved our code quality and security very well."
"The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
"The solution scans web applications and supports APIs, which are the main features I really like."
"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"The active scanner, which does an automated search of any web vulnerabilities."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"The solution's user interface and quality gate could be improved."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"The product lacks sufficient customization options."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"The number of false positives need to be reduced on the solution."
"There should be a heads up display like the one available in OWASP Zap."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"Sometimes the solution can run a little slow."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while PortSwigger Burp Suite Professional is ranked 5th in Application Security Testing (AST) with 55 reviews. Coverity is rated 7.8, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning. See our Coverity vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.