Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Coverity comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Checkmarx One
Ranking in Static Application Security Testing (SAST)
4th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
71
Ranking in other categories
Application Security Tools (3rd), Vulnerability Management (24th), Static Code Analysis (3rd), API Security (5th), DevSecOps (5th), Risk-Based Vulnerability Management (9th)
Coverity
Ranking in Static Application Security Testing (SAST)
5th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Static Application Security Testing (SAST) category, the mindshare of Checkmarx One is 9.5%, down from 12.7% compared to the previous year. The mindshare of Coverity is 7.2%, up from 6.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST)
 

Featured Reviews

Syed Hasan - PeerSpot reviewer
Partner experiences excellent technical support and seamless initial setup
In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.
Jaile Sebes - PeerSpot reviewer
Resolving critical software issues demands faster implementation and better integration
We use Coverity primarily to find issues such as software bugs and memory leaks, especially in C++ and C# projects. It helps us identify deadlocks, synchronization issues, and product crashes Coverity has been instrumental in resolving product crashes by detecting various issues like deadlocks.…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is scalable, but other solutions are better."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"From my point of view, it is the best product on the market."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"This solution is easy to use."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"It's very stable."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"Coverity is easy to use and easy to integrate with CI."
"Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations"
"The interface of Coverity is quite good, and it is also easy to use."
 

Cons

"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"I can't create a business case with multiple-factor authentication."
"The reports are good, but they still need to be improved considering what the UI offers."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"The reporting tool integration process is sometimes slow."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"It should be easier to specify your own validation routines and sanitation routines."
"Right now, the Coverity executable is around 1.2GB to download. If they can reduce it to approximately 600 or 700MB, that would be great. If they decrease the executable, it will be much easier to work in an environment like Docker."
"We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there."
"Reporting engine needs to be more robust."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"The price is a concern, and there are a lot of false positives coming through."
 

Pricing and Cost Advice

"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"It is an expensive solution."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
"For around 250 users or committers, the cost is approximately $500,000."
"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."
"It is expensive."
"The solution is affordable."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
"Coverity is very expensive."
"The licensing fees are based on the number of lines of code."
"The pricing is on the expensive side, and we are paying for a couple of items."
"I would rate the tool's pricing a one out of ten."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
863,679 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
14%
Manufacturing Company
10%
Government
6%
Manufacturing Company
32%
Computer Software Company
14%
Financial Services Firm
6%
Government
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
 

Also Known As

No data available
Synopsys Static Analysis
 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
SAP, Mega International, Thales Alenia Space
Find out what your peers are saying about Checkmarx One vs. Coverity and other solutions. Updated: July 2025.
863,679 professionals have used our research since 2012.