We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The most valuable feature is the application tracking reporting."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"It shows in-depth code of where actual vulnerabilities are."
"Vulnerability details is valuable."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"It is an extremely robust, scalable, and stable solution."
"The quality of application security testing reduces risk and gives very few false positives."
"Being able to reduce risk overall is a very valuable feature for us."
"Audit workbench: for on-the-fly defect auditing."
"The solution is user-friendly."
"It helps deploy and track changes easily as per time-to-time market upgrades."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"We have received some feedback from our customers who are receiving a large number of false positives."
"Checkmarx needs to be more scalable for large enterprise companies."
"Micro-services need to be included in the next release."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"The pricing can get a bit expensive, depending on the company's size."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.