We performed a comparison between Checkmarx One and Coverity based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The only thing I like is that Checkmarx does not need to compile."
"Scan reviews can occur during the development lifecycle."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"It has the lowest false positives."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"The product has deeper scanning capabilities."
"It's very stable."
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"The security analysis features are the most valuable features of this solution."
"It provides reports about a lot of potential defects."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"The solution's user interface could be improved because it seems outdated."
"Checkmarx could improve by reducing the price."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"They could work to improve the user interface. Right now, it really is lacking."
"Micro-services need to be included in the next release."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"The pricing can get a bit expensive, depending on the company's size."
"SCM integration is very poor in Coverity."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"We'd like it to be faster."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews. Checkmarx One is rated 7.6, while Coverity is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Coverity writes "Best SAST tool to check software quality issues". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Mend.io, whereas Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Veracode and Polyspace Code Prover. See our Checkmarx One vs. Coverity report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.