Great tool for securing your applications during development phase
August 26, 2023

Rahul Deshmukh | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Coverity Static Analysis (SAST)

Coverity Static Analysis (SAST) helps your organization detect vulnerabilities in the code. Your development team would be able to release vulnerability-free apps, thereby reducing the post-go-live pain of code correction from a security perspective. The Coverity Static Analysis (SAST) tool can be integrated with a DevSecOps pipeline and ensure automation of security code testing and remediation before someone else discovers the vulnerabilities. Coverity Static Analysis (SAST) reduced efforts by 30% in rolling out builds through DevSecOps.
  • It can provide security scanning dashboard
  • Help detect vulnerabilities and recommend remediation
  • Integration of DevSecOps helps speed up release cycles
  • Coverage of integration with other security tools can be improved
  • Customisation of dashboard to enable customer choice of tracking
  • Showcase DevSecOps progressive tasks from SLA and violation from code scanner perspective
  • Privacy values like card or SSN detection
  • Root cause analysis of multiple vulnerabilities which stem from one vulnerability
  • Tracking historical analysis of vulnerabilities
  • Helped reduce efforts of development team avoiding rework
  • Increased security maturity
  • Increased efficiency of the teams
Coverity Static Analysis (SAST) has wide coverage in terms of OWASP Top 10 vulnerabilities, various types of languages, and backward integration. While other tools offer a similar experience of code scanning, Coverity helps with pointed recommendations for quick closure of vulnerabilities. The historical analysis of vulnerabilities is a good value add in understanding which type of code and which language is better in improving cyber security maturity.

Do you think Coverity Static Analysis (SAST) delivers good value for the price?

Yes

Are you happy with Coverity Static Analysis (SAST)'s feature set?

Yes

Did Coverity Static Analysis (SAST) live up to sales and marketing promises?

Yes

Did implementation of Coverity Static Analysis (SAST) go as expected?

I wasn't involved with the implementation phase

Would you buy Coverity Static Analysis (SAST) again?

Yes

Best suited for large-scale and dynamic development environments. It may be the best tool if you want to release your apps with less TAT. However, if you have a CRM tool which is a COTS product, it can offer little help. Even then, you should be familiar with which features of Coverity Static Analysis (SAST) are helpful for your development environment.