We performed a comparison between Coverity and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The security analysis features are the most valuable features of this solution."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"It has the lowest false positives."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"The product is easy to use."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"It's very stable."
"The most valuable feature of GitLab is the automatic merging of code."
"I like GitLab's security and SAS tools."
"The solution's service delivery model is fantastic."
"I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast."
"The code merging capability is something that we use very frequently."
"I have found the most valuable features of GitLab are the GitClone, GitPush, GitPull, GitMatch, GitMit, GitCommit, and GitStatus."
"GitLab is kind of an image of GitHub, so it gives us the flexibility to monitor our changes in the repos."
"For us, GitLab's most valuable feature is the integration with Cypress. We're using Cypress as an automation tool, so we're using GitLab as a tool for running in parallel."
"We'd like it to be faster."
"The product lacks sufficient customization options."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"The tool needs to improve its reporting."
"The setup takes very long."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"I would like to see better integration with project management tools such as Jira."
"I'm new to GitLab, so I would appreciate more documentation about the code and commands."
"When deploying the solution on cloud and the CI/CD pipeline, we have to define the steps and it becomes confusing."
"I used Spring Cloud Config, and connecting that to GitLab was so hard."
"Their RBAC is role-based access, which is fine but not very good."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"Based on what I know so far, its integration with Kubernetes is not so good. We have to develop many things to make it work. We have to acquire third-party components to work with Kubernetes."
"The documentation is confusing."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while GitLab is ranked 7th in Static Application Security Testing (SAST) with 70 reviews. Coverity is rated 7.8, while GitLab is rated 8.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Fortify Application Defender, whereas GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.