Checkmarx One vs Coverity Comparison 2024

Checkmarx One

Coverity

Checkmarx One

Read 67 Checkmarx One reviews

32,487 views|21,108 comparisons

Coverity

Read 33 Coverity reviews

17,611 views|11,453 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

Checkmarx One vs. Coverity

May 2024

Executive Summary

We performed a comparison between Checkmarx One and Coverity based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Checkmarx One vs. Coverity Report (Updated: May 2024).

Download the complete report

771,170 professionals have used our research since 2012.

Featured Review

Anonymous User

Senior Engineer at a tech vendor

Useful automation , detailed reports, but scalability could improve

We have always used some kind of code analysis tool and Checkmarx has been working for us at this time. We like the tool.

Estefania Ramirez

Application Security Auditor at Softtek

Researched Checkmarx One but chose Coverity: Great app analysis, support, and pricing

The product allows us to find vulnerabilities while testing our apps.

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"The most valuable feature for me is the Jenkins Plugin.""It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx.""The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all.""We use the solution to validate the source code and do SAST and security analysis.""It gives the proper code flow of vulnerabilities and the number of occurrences.""It shows in-depth code of where actual vulnerabilities are.""The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal.""The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."

More Checkmarx One Pros →

"I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be.""The features I find most valuable is that our entire company can publish the analysis results into our central space.""The solution has improved our code quality and security very well.""The product has deeper scanning capabilities.""It's very stable.""We were very comfortable with the initial setup.""Coverity is easy to set up and has a less lengthy process to find vulnerabilities.""This solution is easy to use."

More Coverity Pros →

Cons

"Checkmarx could improve the speed of the scans.""Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed.""Checkmarx needs to be more scalable for large enterprise companies.""The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated.""The pricing can get a bit expensive, depending on the company's size.""With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too.""I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features.""They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."

More Checkmarx One Cons →

"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material.""We'd like it to be faster.""The solution is a bit complex to use in comparison to other products that have many plugins.""There should be additional IDE support.""The setup takes very long.""The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming.""Coverity is far from perfection, and I'm not 100 percent sure it's helping me find what I need to find in my role. We need exactly what we are looking for, i.e. security errors and vulnerabilities. It doesn't seem to be reporting while we are changing our code.""Coverity is not stable."

More Coverity Cons →

Pricing and Cost Advice

"It is the right price for quality delivery."

"I believe pricing is better compared to other commercial tools."

"The pricing was not very good. This is just a framework which shouldn’t cost so much."

"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."

"It is a good product but a little overpriced."

"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."

"Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."

"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

More Checkmarx One Pricing and Cost Advice →

"Coverity is quite expensive."

"The licensing fees are based on the number of lines of code."

"The price is competitive with other solutions."

"It is expensive."

"Coverity is very expensive."

"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."

"The pricing is very reasonable compared to other platforms. It is based on a three year license."

"The pricing is on the expensive side, and we are paying for a couple of items."

More Coverity Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See Recommendations

771,170 professionals have used our research since 2012.

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

Read all 4 answers →

What do you like most about Checkmarx?

Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

Read all 38 answers →

What is your experience regarding pricing and costs for Checkmarx?

Top Answer:The solution's price is high and you pay based on the number of users.

Read all 25 answers →

How would you decide between Coverity and Sonarqube?

Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »

What do you like most about Coverity?

Top Answer:The solution has improved our code quality and security very well.

Read all 23 answers →

What is your experience regarding pricing and costs for Coverity?

Top Answer:The tool was fairly priced.

Read all 20 answers →

Ranking

3rd

out of 67 in Static Application Security Testing (SAST)

Views

32,487

Comparisons

21,108

Reviews

Average Words per Review

513

Rating

7.7

4th

out of 67 in Static Application Security Testing (SAST)

Views

17,611

Comparisons

11,453

Reviews

Average Words per Review

382

Rating

8.0

Comparisons

SonarQube vs. Checkmarx One

Compared 52% of the time.

Veracode vs. Checkmarx One

Compared 13% of the time.

Fortify on Demand vs. Checkmarx One

Compared 6% of the time.

Snyk vs. Checkmarx One

Compared 4% of the time.

Mend.io vs. Checkmarx One

Compared 2% of the time.

More Checkmarx One Competitors →

SonarQube vs. Coverity

Compared 51% of the time.

Klocwork vs. Coverity

Compared 9% of the time.

Fortify on Demand vs. Coverity

Compared 7% of the time.

Veracode vs. Coverity

Compared 5% of the time.

Polyspace Code Prover vs. Coverity

Compared 4% of the time.

More Coverity Competitors →

Also Known As

Synopsys Static Analysis

Learn More

Checkmarx

Synopsys

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

MStar Semiconductor, Alcatel-Lucent

Top Industries

REVIEWERS

Computer Software Company31%

Financial Services Firm19%

Comms Service Provider9%

Manufacturing Company9%

VISITORS READING REVIEWS

Financial Services Firm21%

Computer Software Company15%

Manufacturing Company9%

Insurance Company5%

REVIEWERS

Manufacturing Company36%

Comms Service Provider20%

Computer Software Company20%

Retailer8%

VISITORS READING REVIEWS

Manufacturing Company28%

Computer Software Company16%

Financial Services Firm8%

Government4%

Company Size

REVIEWERS

Small Business38%

Midsize Enterprise13%

Large Enterprise50%

VISITORS READING REVIEWS

Small Business17%

Midsize Enterprise12%

Large Enterprise72%

REVIEWERS

Small Business16%

Midsize Enterprise14%

Large Enterprise70%

VISITORS READING REVIEWS

Small Business14%

Midsize Enterprise10%

Large Enterprise76%

Buyer's Guide

Checkmarx One vs. Coverity

May 2024

Free Report: Checkmarx One vs. Coverity

Find out what your peers are saying about Checkmarx One vs. Coverity and other solutions. Updated: May 2024.

DOWNLOAD NOW

771,170 professionals have used our research since 2012.

Checkmarx One is ranked 3rd in Static Application Security Testing (SAST) with 67 reviews while Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews. Checkmarx One is rated 7.6, while Coverity is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Coverity writes "Best SAST tool to check software quality issues". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Mend.io, whereas Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Veracode and Polyspace Code Prover. See our Checkmarx One vs. Coverity report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Checkmarx One vs Coverity comparison