Try our new research platform with insights from 80,000+ expert users

Coverity Static vs Software Risk Manager ASPM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 21, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Coverity Static
Ranking in Static Application Security Testing (SAST)
6th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
Software Risk Manager ASPM
Ranking in Static Application Security Testing (SAST)
30th
Average Rating
0.0
Reviews Sentiment
7.0
Number of Reviews
1
Ranking in other categories
Software Composition Analysis (SCA) (21st), Application Security Posture Management (ASPM) (15th)
 

Mindshare comparison

As of January 2026, in the Static Application Security Testing (SAST) category, the mindshare of Coverity Static is 4.7%, down from 8.0% compared to the previous year. The mindshare of Software Risk Manager ASPM is 0.8%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Application Security Testing (SAST) Market Share Distribution
ProductMarket Share (%)
Coverity Static4.7%
Software Risk Manager ASPM0.8%
Other94.5%
Static Application Security Testing (SAST)
 

Featured Reviews

KT
Software Engineering Manager at Visteon Corporation
Using tools for compliance is beneficial but cost concerns persist
We have been using Coverity for quite a long period. It has been fine for our needs. I would rate Coverity between eight to nine, though the cost is high. I would rate their support from Coverity as six. That is the main complaint, but we still appreciate having it.
Saravanan_Radhakrishnan - PeerSpot reviewer
Senior Manager at Happiest Minds Technologies
Facilitates continuous assessment of applications, covering both static and dynamic security aspects
Code Dx lacks one aspect, the dynamic security part, known as DAST. It's not an on-premise solution; it's in the cloud now. There are compliance standards and data standards where the customer might need to have the data on-premises for dynamic security testing. So that is one shortfall. An area of improvement could be developing an on-premise DAST solution. The current one is a complete cloud-based solution, and that can be one of the areas of improvement.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The interface of Coverity is quite good, and it is also easy to use."
"I like Coverity's capability to scan codes once we push it. We don't need more time to review our colleagues' codes. Its UI is pretty straightforward."
"It provides reports about a lot of potential defects."
"This solution is easy to use."
"Coverity is easy to use and easy to integrate with CI."
"The product has deeper scanning capabilities."
"It has the lowest false positives."
"The app analysis is the most valuable feature as I know other solutions don't have that."
"The customers were looking for something around static security and dynamic security, and in all those areas, they were looking for an industry leader with a proven solution. Synopsys is a Gartner leader, so I position this particular technology for the technical pre-sales part of it."
 

Cons

"The solution could use more rules."
"Coverity concerns its dashboards and reporting."
"They could improve the usability. For example, how you set things up, even though it's straightforward, it could be still be easier."
"The reporting tool integration process is sometimes slow."
"The product should include more customization options. The analytics is not as deep as compared to SonarQube."
"When I put my code into Coverity for scanning, the code information of the product is in the system. The solution could be improved by providing a SBOM, a software bill of material."
"The solution's user interface and quality gate could be improved."
"Coverity could improve the ease of use. Sometimes things become difficult and you need to follow the guides from the website but the guides could be better."
"The initial setup is a bit challenging because things are not easy. It needs a lot of technology adaptability plus the customer's environment-specific use cases."
 

Pricing and Cost Advice

"Coverity’s price is on the higher side. It should be lower."
"The tool was fairly priced."
"Coverity is quite expensive."
"I rate Coverity's price a ten on a scale of one to ten, where one is cheap and ten is expensive."
"This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
"The pricing is on the expensive side, and we are paying for a couple of items."
"I would rate the pricing a six out of ten, where one is low, and ten is high price."
"I would rate Coverity's pricing as a nine out of ten. It's already very expensive, and it's a problem for us to get more licenses due to the price. The pricing model has some good aspects - for example, a personal license gives access to all languages without code limitations, which is better than some competitors. However, it's still a lot of money for us to spend."
"It is more of an enterprise solution for budget-conscious customers. So, it's moderately priced. It's not for everybody."
report
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
881,114 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
32%
Computer Software Company
12%
Financial Services Firm
7%
Healthcare Company
4%
Financial Services Firm
18%
Manufacturing Company
10%
Government
8%
University
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise6
Large Enterprise31
No data available
 

Questions from the Community

How would you decide between Coverity and Sonarqube?
We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...
What do you like most about Coverity?
The solution has improved our code quality and security very well.
Ask a question
Earn 20 points
 

Also Known As

Synopsys Static Analysis
Code Dx
 

Overview

 

Sample Customers

SAP, Mega International, Thales Alenia Space
Discover why companies like: CGI said, "Synopsys and Software Risk Manager have provided the results we’re looking for".
Find out what your peers are saying about SonarSource Sàrl, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: January 2026.
881,114 professionals have used our research since 2012.