We performed a comparison between Fortify on Demand and GitLab based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The static code analyzers are the most valuable features of this solution."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"The licensing was good."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"It is an extremely robust, scalable, and stable solution."
"It's a stable and scalable solution."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"It is very useful for reviews. We are using branch merging operations and full reset operations. It is also very useful for merging our code and tracking another branch. The graph diagrams of Git are very useful. Its interface is straightforward and not too complex for us."
"I like that it's easy to deploy our services over GitLab. The customer support is also good with a really active community. You have a lot of support that you can get online with your stack. That is probably one of the benefits of using GitLab. It's also really fast."
"It scales well."
"We're only using the basic features of GitLab and haven't used any advanced features. The solution works fine, so that's what we like about GitLab. We're party using GitHub and GitLab. We have a GitHub server, while we use GitLab locally or only within our team, and it works okay. We don't have any significant problems with the solution. We also found the straightforward setup, stability, and scalability of GitLab valuable."
"I have had no problem with the stability of the solution."
"The most valuable feature of GitLab is the automatic merging of code."
"The most important features of GitLab for us are issue management and all the CI/CD tools. Another aspect that I love about GitLab is the UI."
"Their CI/CD engine is very mature. It's very comprehensive and flexible, and compared to other projects, I believe that GitLab is number one right now from that perspective."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"They could provide features for artificial intelligence similar to other vendors."
"Not fully integrated with CIT processes."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"For as long as I have used GitLab, I haven't encountered any major limitations. However, I think that perhaps the search functionality could be better."
"Their RBAC is role-based access, which is fine but not very good."
"I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities."
"The solution could improve by providing more integration into the CI/CD pipeline, an autocomplete search tool, and more supporting documentation."
"I would like to see static analysis also embedded in GitLab. That would also help us. If there's something that it does internally by GitLab and then that is already tied up with your pipeline and then it can tell you that you're coding is good or your code is not great. Based on that, it would pass or fail. That should be streamlined. I would think that would help to a greater extent, in terms of having one solution rather than depending on multiple vendors."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"The only thing our company is really waiting on in terms of features is the development of metrics."
"I rate the support from GitLab a four out of five."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while GitLab is ranked 7th in Application Security Tools with 70 reviews. Fortify on Demand is rated 8.0, while GitLab is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of GitLab writes "Powerful, mature, and easy to set up and manage". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas GitLab is most compared with Microsoft Azure DevOps, Bamboo, SonarQube, AWS CodePipeline and Tekton. See our Fortify on Demand vs. GitLab report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.