We performed a comparison between Coverity and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
"Coverity gives advisory and deviation features, which are some of the parts I liked."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"It is a scalable solution."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"The product has deeper scanning capabilities."
"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The user interface is really good so that helps with huge teams who need to collaborate."
"For us, GitLab's most valuable feature is the integration with Cypress. We're using Cypress as an automation tool, so we're using GitLab as a tool for running in parallel."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"GitLab is a solution for source code management, container registry, pipelines, testing, and deployment."
"GitLab's best feature is Actions."
"This is a scalable solution. We had around 200 users working with it."
"The most valuable features of GitLab are ease of use and highly intuitive UI and performance."
"The most valuable features of GitLab are the review, patch repo, and plans are in YAML."
"Reporting engine needs to be more robust."
"The solution is a bit complex to use in comparison to other products that have many plugins."
"The product lacks sufficient customization options."
"Sometimes it's a bit hard to figure out how to use the product’s UI."
"The level of vulnerability that this solution covers could be improved compared to other open source tools."
"There should be additional IDE support."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could still be easier."
"The quality of the code needs improvement."
"I would like configuration of a YML file to be done via UI rather than a code file."
"Expand features to match other tools such as a static code analysis tool so third-party integrations are not required."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"We have only seen a couple of issues on GitLab, which we use for building some of the applications."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that your coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"It would be better if there weren't any outages. There are occasions where we usually see a lot of outages using GitLab. It happens at least once a week or something like that. Whatever pipelines you're running, to check the logs, you need to have a different set of tools like Argus or something like that. If you have pipelines running on GitLab, you need a separate service deployed to view the logs, which is kind of a pain. If the logs can be used conveniently on GitLab, that would be definitely helpful. I'm not talking about the CI/CD pipelines but the back-end services and microservices deployed over GitLab. To view the logs for those microservices, you need to have separate log viewers, which is kind of a pain."
"There was a problem with the build environment when we were looking at developing iOS applications. iOS builds require Mac machines and there are no Mac machines provided by GitLab in their cloud. So to build for a mobile iOS application, we needed to use our own Mac machine within our own infrastructure. If GitLab were to provide a feature such that an iOS application could also be built through GitLab directly, that would be great."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while GitLab is ranked 7th in Static Application Security Testing (SAST) with 70 reviews. Coverity is rated 7.8, while GitLab is rated 8.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Fortify Application Defender, whereas GitLab is most compared with Microsoft Azure DevOps, SonarQube, Bamboo, AWS CodePipeline and Tekton.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.