We performed a comparison between Coverity and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It's very stable."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"The security analysis features are the most valuable features of this solution."
"It has the lowest false positives."
"We were very comfortable with the initial setup."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"One of the most valuable features is Contributing Events. That particular feature helps the developer understand the root cause of a defect. So you can locate the starting point of the defect and figure out exactly how it is being exploited."
"The reporting feature is up to the mark."
"You can run it against multiple targets."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The interface is easy to use."
"The most valuable feature is scanning the URL to drill down all the different sites."
"The scalability of this product is very good."
"It's great that we can use it with Portswigger Burp."
"The application scanning feature is the most valuable feature."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"Its price can be improved. Price is always an issue with Synopsys."
"There should be additional IDE support."
"We'd like it to be faster."
"Some features are not performing well, like duplicate detection and switch case situations."
"The reporting tool integration process is sometimes slow."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could still be easier."
"Ideally, it would have a user-based license that does not have a restriction in the number of lines of code."
"The solution could use more rules."
"Deployment is somewhat complicated."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"Reporting format has no output, is cluttered and very long."
"It doesn't run on absolutely every operating system."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"There isn't too much information about it online."
"The reporting feature could be more descriptive."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 34 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Coverity is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Veracode, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and PortSwigger Burp Suite Professional.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.