We performed a comparison between Coverity and GitHub Code Scanning based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"The solution has improved our code quality and security very well."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time."
"It's pretty stable. I rate the stability of Coverity nine out of ten."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"The most valuable feature is the integration with Jenkins."
"We use GitHub Code Scanning mostly for source code management."
"The solution helps identify vulnerabilities by understanding how ports communicate with applications running on a system. Ports are like house numbers; to visit someone's house, you must know their number. Similarly, ports are used to communicate with applications. For example, if you want to use an HTTP web server, you must use port 80. It is the port on which the web application or your server listens for incoming requests."
"The product lacks sufficient customization options."
"It would be great if we could customize the rules to focus on critical issues."
"The setup takes very long."
"Some features are not performing well, like duplicate detection and switch case situations."
"The solution could use more rules."
"Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e., security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code."
"They could improve the usability. For example, how you set things up, even though it's straightforward, could still be easier."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing an SBOM, a software bill of materials."
"GitHub Code Scanning should add more templates."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while GitHub Code Scanning is ranked 20th in Static Application Security Testing (SAST) with 2 reviews. Coverity is rated 7.8, while GitHub Code Scanning is rated 9.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitHub Code Scanning writes "A highly stable solution that can be used for source code management". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas GitHub Code Scanning is most compared with SonarCloud, SonarQube, Polaris Software Integrity Platform and Veracode.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.