We performed a comparison between Coverity and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"We were very comfortable with the initial setup."
"It has the lowest false positives."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"It provides reports about a lot of potential defects."
"This solution is easy to use."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"Attribution and license due diligence reports help us with aggregating the necessary data that we, in turn, have to provide to satisfy the various licenses copyright and component usage disclosures in our software."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
"For us, the most valuable tool was open-source licensing analysis."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"SCM integration is very poor in Coverity."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"It would be great if we could customize the rules to focus on critical issues."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"It would be good if it can do dynamic code analysis. It is not necessarily in that space, but it can do more because we have too many tools. Their partner relationship support is a little bit confusing. They haven't really streamlined the support process when we buy through a reseller. They should improve their process."
"Make the product available in a very stable way for other web browsers."
"I would like to see the static analysis included with the open-source version."
"The initial setup could be simplified."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
Coverity is ranked 4th in Application Security Testing (AST) with 33 reviews while Mend.io is ranked 4th in Software Composition Analysis (SCA) with 29 reviews. Coverity is rated 7.8, while Mend.io is rated 8.4. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand and Checkmarx, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx and GitLab. See our Coverity vs. Mend.io report.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.