We performed a comparison between Coverity and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The app analysis is the most valuable feature as I know other solutions don't have that."
"This solution is easy to use."
"It is a scalable solution."
"Coverity is scalable."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The product is easy to use."
"The interface of Coverity is quite good, and it is also easy to use."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"It is useful for scanning and tracing activities."
"The most valuable feature is Burp Collaborator."
"The solution is quite helpful for session management and configuration."
"Enables automation of different tasks such as authorization testing."
"The extension that it provides with the community version for the skills mapping is excellent."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"Some features are not performing well, like duplicate detection and switch case situations."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"Its price can be improved. Price is always an issue with Synopsys."
"The solution could use more rules."
"There should be additional IDE support."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"The setup takes very long."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The initial setup is a bit complex."
"It would be good if the solution could give us more details about what exactly is defective."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"The reporting needs to be improved; it is very bad."
"The solution is not easy to set up. You need a lot of knowledge."
"The tool is very expensive."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while PortSwigger Burp Suite Professional is ranked 5th in Static Application Security Testing (SAST) with 57 reviews. Coverity is rated 7.8, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.