Rapid Scan SAST is complementary to Coverity® and is now available to all Coverity customers. Use Rapid Scan SAST for fast feedback as you code and in your normal code review workflows, and use Coverity for your nightly builds.
Coverity provides comprehensive analysis and has the broadest support for security compliance standards (e.g., OWASP Top 10, CWE Top 25, and PCI DSS) as well as code quality, safety, and reliability standards (e.g., MISRA, CERT C/C++, CERT Java, DISA STIG, ISO 26262, ISO/IEC TS 17961, AUTOSAR, and Nvidia CUDA). Coverity supports a broad set of languages and frameworks, integrations for industry-standard SCMs, CI build servers, and issue trackers, and it provides comprehensive reporting for on-premises as well as cloud-hosted development with Coverity on Polaris Software Integrity Platform®.
There is no need to choose; leverage the strengths of each. Rapid Scan SAST is best for blazing-fast analysis feedback at developers’ desktops, as they code. Coverity is best for deep, comprehensive static analysis and in situations where standards compliance, language and integration support, and comprehensive reporting and policy management features are required.