TrustRadius: an HG Insights company

Synopsys Coverity

Score 8.3 out of 10

8 Reviews and Ratings

What is Synopsys Coverity?

Synopsys offers the Coverity static application security testing (SAST) solution to help users build software that’s more secure, higher-quality, and compliant with standards.

Media

Coverity works with the Code Sight™ IDE plugin, enabling developers to find and fix security and quality defects as they write code.
Coverity provides broad security and quality checker support for 21 languages and over 70 frameworks.


Great tool for securing your applications during development phase

Use Cases and Deployment Scope

Coverity Static Analysis (SAST) helps your organization in the detection of vulnerabilities in the code. Your development team would be able to release vulnerability-free apps, thereby reducing the post-go-live pain of code correction from a security perspective. The Coverity Static Analysis (SAST) tool can be integrated with a DevSecOps pipeline to ensure automation of security code testing and remediation before someone else discovers the vulnerabilities. Coverity Static Analysis (SAST) reduced efforts by 30% in rolling out builds through DevSecOps.

Pros

  • It can provide a security scanning dashboard
  • Helps detect vulnerabilities and recommend remediation
  • Integration of DevSecOps helps speed up release cycles

Cons

  • Coverage of integration with other security tools can be improved
  • Customisation of dashboard to enable customer choice of tracking
  • Showcase DevSecOps progressive tasks from SLA and violation from code scanner perspective

Most Important Features

  • Privacy values like card or SSN detection
  • Root cause analysis of multiple vulnerabilities which stem from one vulnerability
  • Tracking historical analysis of vulnerabilities

Return on Investment

  • Helped reduce efforts of development team avoiding rework
  • Increased security maturity
  • Increased efficiency of the teams

Alternatives Considered

Micro Focus Fortify Static Code Analyzer and Rapid7 AppSpider

Other Software Used

Micro Focus Fortify Static Code Analyzer, Rapid7 AppSpider, HCL AppScan