We performed a comparison between Coverity and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a scalable solution."
"Coverity is quite stable and we haven’t had any issues or any downtime."
"Coverity is scalable."
"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"The most valuable feature is the integration with Jenkins."
"The most valuable feature of Coverity is the wrapper. We use the wrapper to build the C++ component, then we use the other code analysis to analyze the code to the build object, and then send back the result to the SonarQube server. Additionally, it is a powerful capabilities solution."
"The Veracode technical support is very good. They are responsive and very knowledgeable."
"It's helping us with security and making sure that we develop faster. It's able to scan every vulnerability. It's very powerful software that one can use to make sure that you have a very good, secure platform."
"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing)."
"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."
"Stable and scalable, with good reporting features. Helps in detecting and managing vulnerabilities and risks."
"I like Veracode's static scanning and SCA. We use three static scans, software composition analysis, and dynamic scans. We haven't used dynamic scanning as much, but we're trying to integrate that into our environment more."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
"I believe the static analysis is Veracode's best and most valuable feature. Software composition analysis is a feature that most people don't use, and we don't use SCA for most of our applications. However, this is an essential feature because it provides insight into the third-party libraries we use."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"Coverity is not stable."
"We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system."
"There should be additional IDE support."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The setup takes very long."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced."
"If you schedule two parallel scans under the same project, one of them will be a failure."
"The only areas that I'm concerned with are some of the newer code libraries, things that we're starting to see people dabble with. They move quickly enough to get them into the Analysis Engine, so I wouldn't even say it is a complaint. It is probably the only thing I worry about: Occasionally hitting something that is built in some other obscure development model, where we either can't scan it or can't scan it very well."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"The UI could be better. Also, there are some scenarios where there is no security flaw, but the report indicates that there is a security flaw. The report is not perfectly accurate. So, the accuracy of the scanning reports needs improvement."
"The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
"The interface is too complex."
"We connected with Veracode's support a couple of times, and we got a different answer each time."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Coverity is rated 7.8, while Veracode is rated 8.2. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Polyspace Code Prover, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and SonarCloud. See our Coverity vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.