Overview
Product Information on Coverity Static Application Security Testing
What is Coverity Static Application Security Testing?
Coverity Static Application Security Testing Pricing
Coverity Static Application Security Testing Product Images
Overall experience with Coverity Static Application Security Testing
“Solid Software Quality and Support With Occasional Delays in Scanning Speed”
“Navigating the Limited Market of Firmware Support Tools”
About Company
Company Description
Black Duck builds trust in software by enabling organizations to manage application security, quality, and compliance risks at the speed their business demands. Black Duck solutions help developers to secure code as fast as they write it; development and DevSecOps teams to automate testing within development pipelines without compromising velocity; and security teams to proactively manage risk and focus remediation efforts on what matters most. With Black Duck, organizations can transform the way they build and deliver software, aligning people, processes, and technology to intelligently address software risks across their portfolio and at all stages of the application lifecycle.
Company Details
Do You Manage Peer Insights at Black Duck?
Access Vendor Portal to update and manage your profile.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
Reviewer Insights for: Coverity Static Application Security Testing
Performance of Coverity Static Application Security Testing Across Market Features
Coverity Static Application Security Testing Likes & Dislikes
automation, integration capabilities and compatibility.
Support is good.
The initial set of security rules. When we demonstrate our security capabilities and exercise, especially for customers in specific industries like auto and health, we say weve used Coverity to check if the source code meets MISRA or HIPAA, customers know our effort very quickly, and theres no more negotiation cost. That is what a great product needs, which helps the whole industry to reach an agreement very soon.
Scanning time is sometimes too slow.
UI and False positives. Vendor offers triaging service for extra cost.
The user interface, Coverity's UI is not easy to understand, and the users need some time to get to know this platform. It shall ref the popular consumer products, release a modern version to make the tool easy to use, and up to date. Currently the UX does not match the high reputation it grants.
Top Coverity Static Application Security Testing Alternatives
Peer Discussions
Coverity Static Application Security Testing Reviews and Ratings
- IT Manager1B-10B USDConsumer GoodsReview Source
Solid Software Quality and Support With Occasional Delays in Scanning Speed
Good quality software and very good communication with the support team to address issues. - SECURITY & RISK MANAGEMENT50M-1B USDTelecommunicationReview Source
Coverity Simplifies Code Security for Industry Standards but UI Presents Challenges
As a well-known source code quality and security detector, Coverity supports individual standards and customized rules. The product supports rapid analysis of source code submissions, which helps the engineer a lot. Coverity's reputation is extremely outstanding, as customers know we pick Coverity as SAST solution, the doubts sharpens down and trust grows up. It also complements with Black Duck, to provide a detailed analysis for end-to-end security detection. - IT SECURITY & RISK MANAGEMENT ASSOCIATE50M-1B USDBankingReview Source
Ease of Use and Low False Positives: The Highlight of Coverity
Low amount of false positives, ease to use and you can integrate it directly with most of CI/CDs - Security Architect50M-1B USDSoftwareReview Source
Navigating the Limited Market of Firmware Support Tools
There are only 3 products in the market that support firmware code and this is one of them. I rated it average because it's not truly exceptional or outstanding. This product is similar to other tools. I'm not feeling very generous so 3 stars is still a thumbs-up. - Subject matter expert50M-1B USDSoftwareReview Source
Could provide more help in terms of risk management and development mitigations.
These are the main drawbacks I've seen: 1) The web interface does not allow you to change the default security risk level associated with the vulnerability. It's quite annoying having to write the modified risk level in the description because then you cannot search for them later. 2) It lacks of a proposed solution. I think it needs to provide at least a generic solution or a curated list of references according to the programming language in which the vulnerability was found. 3) It would nice if they improve their search filters. There are a lot of filters/conditions for searching and would be helpful if you could save previously used search filters.