We performed a comparison between Coverity and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, Micro Focus Fortify on Demand comes out ahead of Coverity. Although both products have valuable features and can be estimated as high-end solutions, our reviewers found that Coverity is very expensive and has slow support.
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"It has the lowest false positives."
"The security analysis features are the most valuable features of this solution."
"It's very stable."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"Fortify on Demand is easy to use and the reporting is good."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"t's a cloud-based solution, so there was no installation involved."
"I do not remember any issues with stability."
"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"It improves future security scans."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"The product lacks sufficient customization options."
"It would be great if we could customize the rules to focus on critical issues."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"Coverity takes a lot of time to dereference null pointers."
"The solution could use more rules."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"They have very good support, but there is always room for improvement."
"We have some stability issues, but they are minimal."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while Fortify on Demand is ranked 9th in Static Application Security Testing (SAST) with 57 reviews. Coverity is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Coverity is most compared with SonarQube, Klocwork, Checkmarx One, Veracode and Polyspace Code Prover, whereas Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Fortify WebInspect and Snyk. See our Coverity vs. Fortify on Demand report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
