We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"The solution is user-friendly."
"The quality of application security testing reduces risk and gives very few false positives."
"The installation was easy."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"Audit workbench: for on-the-fly defect auditing."
"This product is top-notch solution and the technology is the best on the market."
"The solution is very fast."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"You can easily find particular features and functions through the UI."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The UI was very intuitive."
"It was easy to set up."
"The most valuable feature of HCL AppScan is scanning QR codes."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"There are many false positives identified by the solution."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"They could provide features for artificial intelligence similar to other vendors."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"They could add a software component analysis tool."
"They should have a better UI for dashboards."
"IBM Security AppScan Source is rather hard to use."
"It has crashed at times."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while HCL AppScan is ranked 15th in Application Security Tools with 41 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.8. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Fortify WebInspect. See our Fortify on Demand vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.