We performed a comparison between Checkmarx One, Fortify Application Defender, and Fortra Tripwire IP360 based on real PeerSpot user reviews.
"The value you can get out of the speedy production may be worth the price tag."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The report function is the solution's greatest asset."
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"The solution is scalable, but other solutions are better."
"Scan reviews can occur during the development lifecycle."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"It shows in-depth code of where actual vulnerabilities are."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"We are able to provide our customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"The most valuable feature is that it analyzes data in real-time."
"The product saves us cost and time."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"We could manage our entire IP range with the solution."
"Tripwire IP360 is a very stable solution."
"Checkmarx could improve the speed of the scans."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"I would like to see the rate of false positives reduced."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"The plugins for the development environment have room for improvements such as for Android Studio and Xcode."
"Checkmarx is not good because it has too many false positive issues."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"Support for older compilers/IDEs is lacking."
"The false positive rate should be lower."
"The workbench is a little bit complex when you first start using it."
"Fortify Application Defender gives a lot of false positives."
"The licensing can be a little complex."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The solution is quite expensive."
"We need to dedicate time and resources to keep it running."
"I am not very impressed by the technical support."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."