Try our new research platform with insights from 80,000+ expert users

Coverity vs Seeker comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Coverity
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
42
Ranking in other categories
Static Application Security Testing (SAST) (4th)
Seeker
Average Rating
7.0
Reviews Sentiment
6.9
Number of Reviews
1
Ranking in other categories
Internet Security (19th), Mobile Threat Defense (14th), API Security (15th)
 

Featured Reviews

Md. Shahriar Hussain - PeerSpot reviewer
Offers impressive reporting features with user-friendliness and high scalability
The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.
San K - PeerSpot reviewer
More effective than dynamic scanners, but is missing useful learning capabilities
One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need. The purposes for which applications are designed may differ in practice in the industry, and because of this, there will always be tools that sometimes report false positives. Thus, there should be some means with which I can customize the way that Seeker learns about our applications, possibly by using some kind of AI / ML capability within the tool that will automatically reduce the number of false positives that we get as we use the tool over time. Obviously, when we first start using the scanning tool there will be false positives, but as it keeps going and as I keep using the tool, there should be a period of time where either the application can learn how to ignore false positives, or I can customize it do so. Adding this type of functionality would definitely prevent future issues when it comes to reporting false positives, and this is a key area that we have already asked the vendor to improve on, in general. On a different note, there is one feature that isn't completely available right now where you can integrate Seeker with an open-source vulnerability scanner or composition analysis tool such as Black Duck. I would very much like this capability to be available to us out-of-the-box, so that we can easily integrate with tools like Black Duck in such a way that any open source components that are used in the front-end are easily identified. I think this would be a huge plus for Seeker. Another feature within Seeker which could benefit from improvement is active verification, which lets you actively verify a vulnerability. This feature currently doesn't work in certain applications, particularly in scenarios where you have requested tokens. When we bought the tool, we didn't realize this and we were not told about it by the vendor, so initially it was a big challenge for us to overcome it and properly begin our deployment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Coverity is that it shows examples of what is actually wrong with the code."
"It has the lowest false positives."
"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."
"The security analysis features are the most valuable features of this solution."
"The product has deeper scanning capabilities."
"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."
"It help us identify the latest security vulnerabilities."
"What I find most effective about Coverity is its low rate of false positives. I've seen other platforms with many false positives, but with Coverity, most vulnerabilities it identifies are genuine. This allows me to focus on real issues."
"A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."
 

Cons

"It would be great if we could customize the rules to focus on critical issues."
"The solution's user interface and quality gate could be improved."
"Zero-day vulnerability identification can be an add-on feature that Coverity can provide."
"The setup takes very long."
"We're currently facing a primary challenge with automation using Coverity. Each developer has a license and can perform manual checks, and we also have a nightly build that analyzes the entire software. The main issue is that the tool can't look behind submodules in our code base, so it doesn't see changes stored there."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"Its price can be improved. Price is always an issue with Synopsys."
"The quality of the code needs improvement."
"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."
 

Pricing and Cost Advice

"The price is competitive with other solutions."
"The solution is affordable."
"The solution's pricing is comparable to other products."
"I would rate the pricing a six out of ten, where one is low, and ten is high price."
"Coverity’s price is on the higher side. It should be lower."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"Offers varying prices for different companies"
"Depending on the usage types, one has to opt for different types of licenses from Coverity, especially to be able to use areas like report viewing or report generation."
"The licensing for Seeker is user-based and for 50 users I believe it costs about $70,000 per year."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
823,875 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
15%
Financial Services Firm
8%
Government
4%
Financial Services Firm
23%
Computer Software Company
16%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
What is your experience regarding pricing and costs for Coverity?
Coverity is considered expensive compared to other tools like SonarQube, which is much cheaper.
Ask a question
Earn 20 points
 

Also Known As

Synopsys Static Analysis
No data available
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
El Al Airlines and Société Française du Radiotelephone
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: November 2024.
823,875 professionals have used our research since 2012.