We performed a comparison between Coverity and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I encountered a bug with Coverity, and I opened a ticket. Support provided me with a workaround. So it's working at the moment, or at least it seems to be."
"The most valuable feature is the integration with Jenkins."
"The product has deeper scanning capabilities."
"The solution effectively identifies bugs in code."
"The solution has helped to increase staff productivity and improved our work significantly by approximately 20 percent."
"The features I find most valuable is that our entire company can publish the analysis results into our central space."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"We were very comfortable with the initial setup."
"It is a good product for creating secure software. The static code analysis is pretty good and useful."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"The user interface is excellent, the code review process is quick and provides great analytics to understand our code better, and the SAST scan is high-speed."
"The static analysis gives you deep insights into problems."
"Allows us to track the remediation and handling of identified vulnerabilities."
"Developer Sandboxes help move scanning earlier within the SDLC."
"It has an easy-to-use interface."
"The most valuable features of the solution are its extensive reporting capabilities and user-friendly interface."
"Some features are not performing well, like duplicate detection and switch case situations."
"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"It should be easier to specify your own validation routines and sanitation routines."
"There should be additional IDE support."
"We actually specified several checkers, but we found some checkers had a higher false positive rate. I think this is a problem. Because we have to waste some time is really the issue because the issue is not an issue. I mean, the tool pauses or an issue, but the same issue is the filter now.Some check checkers cannot find some issues, but sometimes they find issues that are not relevant, right, that are not really issues. Some customisation mechanism can be added in the next release so that we can define our Checker. The Modelling feature provided by Coverity helps in finding more information for potential issues but it is not mature enough, it should be mature. The fast testing feature for security testing campaign can be added as well. So if you correctly integrate it with the training team, maybe you can help us to find more potential issues."
"Sometimes, vulnerabilities remain unidentified even after setting up the rules."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"On-premise implementation is not available."
"All areas of the solution could use some improvement."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"They could improve how they fix vulnerabilities. They could have more support in place to help the developers."
"Some features could be improved in terms of user-friendliness."
"Third-party library scanning would be very useful to have. When I was researching this a year ago, there was not a third-party library scan available. This would be a nice feature to have because we are now running through some assessments and finding out which tool can do it since this information needs to be captured. Since Veracode is a security solution, this should be related."
"The scanning takes a lot of time to complete."
"There might be room for improvement in the in-app guidance and the tips and tricks for the developer about how to progress. We would like more insight into the development environment, where they would get guidance on how to avoid flaws."
Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Coverity is rated 7.8, while Veracode is rated 8.2. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Coverity is most compared with SonarQube, Klocwork, Fortify on Demand, Checkmarx One and Polyspace Code Prover, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and SonarCloud. See our Coverity vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.