Findbugs vs. Coverity Static Analysis (SAST)

Overview
Product: Findbugs
Rating: Score 7.0 out of 10
Most Used By: N/A
Product Summary: FindBugs is an open source program which uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License, and was developed by the University of Maryland, which also holds the trademark on the name.
Starting Price: N/A

Product: Synopsys Coverity
Rating: Score 8.3 out of 10
Most Used By: N/A
Product Summary: Synopsys offers the Coverity static application security testing (SAST) solution, to help users build software that’s more secure, higher-quality, and compliant with standards.
Starting Price: N/A
Pricing
Editions & Modules
Findbugs: No answers on this topic
Coverity Static Analysis (SAST): No answers on this topic

Pricing Offerings
Free Trial: Findbugs No; Synopsys Coverity No
Free/Freemium Version: Findbugs No; Synopsys Coverity No
Premium Consulting/Integration Services: Findbugs No; Synopsys Coverity Yes
Entry-level Setup Fee: Findbugs No setup fee; Synopsys Coverity Optional
Additional Details: Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
Best Alternatives
Findbugs:
  Small Businesses: PyCharm (Score 9.2 out of 10)
  Medium-sized Companies: PyCharm (Score 9.2 out of 10)
  Enterprises: PyCharm (Score 9.2 out of 10)
Coverity Static Analysis (SAST):
  Small Businesses: GitLab (Score 8.6 out of 10)
  Medium-sized Companies: Veracode (Score 9.2 out of 10)
  Enterprises: Veracode (Score 9.2 out of 10)
User Ratings
Likelihood to Recommend
Findbugs: 7.0 (1 rating)
Coverity Static Analysis (SAST): 9.0 (1 rating)
User Testimonials
Findbugs (reviewed under "Open Source") vs. Coverity Static Analysis (SAST) (reviewed under "Synopsys")
Likelihood to Recommend
Open Source
Findbugs is best suited even when you want to adapt to certain coding conventions and discover possible bugs beforehand, and it's best suited for Java open source. Whether you are a developer or a DevOps engineer, you can even use it as a plugin in your Jenkins pipeline or any other build automation server, and in your developer tool such as Visual Studio as well.
Synopsys
Best suited for large-scale and dynamic development environments. It may be the best tool if you want to release your apps with less TAT. However, if you have a CRM tool which is a COTS product, it can offer little help. Even then, you should be familiar with what features of Coverity Static Analysis (SAST) are helpful for your development environment.
Pros
Open Source
  • Scan the code for existing bugs present
  • It can detect vulnerabilities and also show possible bad warnings
  • Can help identify errors in advance to avoid code crash post deployment
Synopsys
  • It can provide security scanning dashboard
  • Help detect vulnerabilities and recommend remediation
  • Integration of devsecops helps speed up release cycles
Cons
Open Source
  • Its documentation is not always up to date
  • Difficulty in finding a proper solution when an issue arises during its configuration
  • Has limited features
Synopsys
  • Coverage of integration with other security tools can be improved
  • Customisation of dashboard to enable customer choice of tracking
  • Showcase devsecops progressive tasks from SLA and violation from code scanner perspective
Alternatives Considered
Open Source
SonarCloud has its own cloud where all the code vulnerabilities are collected and stored as a whole, whereas it's a plugin that is used in the code itself, but the con is that SonarCloud needs a license if you want to use it privately and also requires personal access token authentication if used with an external service.
Synopsys
Coverity Static Analysis (SAST) has wide coverage in terms of OWASP Top 10 vulnerabilities, various types of languages, and backward integration. While other tools offer a similar experience of code scanning, Coverity helps with pointed recommendations for quick closure of vulnerabilities. The historical analysis of vulnerabilities is a good value add in understanding which type of code and which language is better in improving cyber security maturity.
Return on Investment
Open Source
  • It's being used overall by most of the teams
  • Some of the teams are migrating to another testing tool as it has limited features
  • Still recommended as it's open source and beginner friendly
Synopsys
  • Helped reduce efforts of development team avoiding rework
  • Increased security maturity
  • Increased efficiency of the teams
Screenshots

Synopsys Coverity Screenshots

[Screenshot] Coverity works with the Code Sight™ IDE plugin, enabling developers to find and fix security and quality defects as they write code.
[Screenshot] Coverity provides broad security and quality checker support for 21 languages and over 70 frameworks.