We performed a comparison between Coverity and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The interface of Coverity is quite good, and it is also easy to use."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"I like Coverity's capability to scan code once we push it. We don't need more time to review our colleagues' code. Its UI is pretty straightforward."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"It provides reports about a lot of potential defects."
"We were very comfortable with the initial setup."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"The most valuable feature of Snyk is the SBOM."
"The most valuable feature of Snyk is the software composition analysis."
"Static code analysis is one of the best features of the solution."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"The code scans on the source code itself were valuable."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"The setup takes very long."
"Coverity takes a lot of time to dereference null pointers."
"We'd like it to be faster."
"There should be additional IDE support."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"SCM integration is very poor in Coverity."
"The solution's user interface and quality gate could be improved."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"There were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"Snyk's API and UI features could work better in terms of speed."
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"The product is very expensive."
"Generating reports and visibility through reports are definitely things they can do better."
"Compatibility with other products would be great."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Coverity is rated 7.8, while Snyk is rated 8.2. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and CodeSonar, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer and Veracode.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.