We compared Fortify on Demand and SonarQube based on our user's reviews in several parameters.
In summary, Fortify on Demand is praised for its robust security, comprehensive scanning capabilities, and prompt vulnerability reporting, with positive feedback on customer service and pricing. SonarQube stands out for its support for multiple languages, seamless integration, and comprehensive features, with exceptional customer service and positive feedback on pricing and ROI. Areas for improvement include enhancing performance and usability for Fortify on Demand, while SonarQube could focus on analysis speed, UI navigation, setup instructions, documentation, performance, and integration options.
Features: Fortify on Demand is highly appreciated for its robust security, comprehensive scanning capabilities, user-friendly interface, and timely vulnerability reporting. SonarQube stands out with its support for multiple languages, simplified design, integration with DevOps pipelines, and ability to detect vulnerabilities and code smells. Additionally, SonarQube offers configurability, flexibility, and a user-friendly interface.
Pricing and ROI: Fortify on Demand's users have found the setup costs to be manageable and appreciate the flexible licensing options. On the other hand, SonarQube's pricing is considered reasonable and competitive, and its setup cost is straightforward and easy. SonarQube also offers flexible licensing options to cater to different needs., Fortify on Demand users expressed satisfaction with the platform's effectiveness and value for their investment. SonarQube helped improve code quality, detect vulnerabilities, and ensure code compliance, resulting in cost savings and increased productivity.
Room for Improvement: Fortify on Demand could benefit from enhancements in performance, scanning capabilities, customization options, reporting features, and user interface. SonarQube should focus on improving analysis speed, user interface, setup instructions, documentation, performance, and integration options.
Deployment and customer support: The user reviews for Fortify on Demand and SonarQube show that the duration required to establish a new tech solution can vary between users. While both products have similar timeframes mentioned by users, Fortify on Demand has a wider range of deployment and setup durations compared to SonarQube., Fortify on Demand's customer service is praised for its prompt and helpful assistance. Users appreciate the attentiveness and expertise of the support team. SonarQube also receives praise for its exceptional customer service and support, with users acknowledging the prompt and knowledgeable assistance provided. The support team is commended for their responsiveness and willingness to go above and beyond.
The summary above is based on 51 interviews we conducted recently with Fortify on Demand and SonarQube users. To access the review's full transcripts, download our report.
"Speed and efficiency are great features."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"The vulnerability detection and scanning are awesome features."
"Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA."
"Fortify on Demand is easy to use and the reporting is good."
"The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"The user interface is good."
"We can create a Quality Gate in order to fail Jenkins jobs where the code coverage is lower than the set percentage."
"We have worked with the support from SonarQube and we have had good experiences."
"There's plenty of documentation available to users."
"If you want to have your code scanned and timed then this is a good tool."
"This solution is simple to use and can be quickly deployed."
"I like the by-default policies that are they, as they seem to cover most of what I need."
"Before you even compile, it can catch known vulnerability issues or patterns."
"The solution offers a very good community edition."
"Reporting could be improved."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"Takes up a lot of resources which can slow things down."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"The products must provide better integration with build tools."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"The product's pricing could be lower."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"A better design of the interface and add some new rules."
"The reporting can be improved."
"We had some issues scanning the master branch but when we upgraded to version 7.9 we noticed it does scan the master branch but we had to do a workaround for it to happen. This process could be improved in a future release."
"There needs to be a shareable reporting piece or something we can click and generate easily."
"The solution could improve the management reports by making them easier to understand for the technical team that needs to review them."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while SonarQube is ranked 1st in Application Security Tools with 111 reviews. Fortify on Demand is rated 8.0, while SonarQube is rated 8.0. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Fortify on Demand is most compared with Veracode, Checkmarx One, Coverity, Fortify WebInspect and Snyk, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Mend.io. See our Fortify on Demand vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.