Checkmarx vs Fortify on Demand comparison

You must select at least 2 products to compare!
Checkmarx Logo
38,151 views|26,666 comparisons
OpenText Logo
12,968 views|9,181 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Aug 24, 2022

We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Checkmarx users say deployment is easy. The majority of Micro Focus Fortify on Demand users mention that the initial setup is simple. However, some reviewers feel that it can be a bit complex since it involves a learning curve.
  • Features: Users say both solutions have good stability, scalability, flexibility, code scanning, and integration capabilities.

    Checkmarx users like its user interface and its identification of verification-related security vulnerabilities. Users say there is limited support from different languages and that creating and editing custom rules is difficult.

    Users of Micro Focus Fortify say it has good reports, is easy to use, and includes very simple and efficient API support and security analysis. Reviewers feel that integration to CI/CD pipelines could be improved, and that the solution needs to include user-based control and role-based access for developers.
  • Pricing: Users of both solutions express mixed reviews on the pricing.
  • Service and Support: Checkmarx users say the technical support is good while users of Micro Focus Fortify on Demand have mixed opinions.
  • ROI: Users of both solutions report a positive ROI.

Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.

To learn more, read our detailed Checkmarx vs. Fortify on Demand Report (Updated: September 2023).
734,678 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The most valuable features of Checkmarx are the automation and information that it provides in the reports.""The SAST component was absolutely 100% stable.""What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results.""The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful.""Apart from software scanning, software composition scanning is valuable.""It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.""The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects.""Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."

More Checkmarx Pros →

"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases.""The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues.""The user interface is good.""We have the option to test applications with or without credentials.""The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security.""The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place.""Provides good depth of scanning and we get good results.""The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."

More Fortify on Demand Pros →

"Checkmarx could improve the REST APIs by including automation.""Checkmarx needs to be more scalable for large enterprise companies.""The plugins for the development environment have room for improvements such as for Android Studio and X code.""I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features.""Checkmarx could improve the speed of the scans.""Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not.""We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process.""We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."

More Checkmarx Cons →

"The products must provide better integration with build tools.""There are lots of limitations with code technology. It cannot scan .net properly either.""Fortify on Demand could be improved with support in Russia.""The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE.""We have some stability issues, but they are minimal.""Not fully integrated with CIT processes.""I would like the solution to add AI support.""Takes up a lot of resources which can slow things down."

More Fortify on Demand Cons →

Pricing and Cost Advice
  • "Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
  • "We have purchased an annual license to use this solution. The price is reasonable."
  • "We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
  • "The price of Checkmarx could be reduced to match their competitors, it is expensive."
  • "The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
  • "If you want more, you have to pay more. You have to pay for additional modules or functionalities."
  • "Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
  • "I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."
  • More Checkmarx Pricing and Cost Advice →

  • "The solution is expensive and the price could be reduced."
  • "The pricing model it's based on how many applications you wish to scan."
  • "Micro Focus Fortify on Demand licenses are managed by our IT team and the license model is user-based."
  • "Fortify on Demand is affordable, and its licensing comes with a year of support."
  • "There are different costs for Micro Focus Fortify on Demand depending on the assessments you want to use. There is only a standard license needed to use the solution."
  • "Fortify on Demand is moderately priced, but its pricing could be more flexible."
  • "I believe the rental license is not too expensive, but it provides a lot of information about the vulnerabilities."
  • "I'd rate it an eight out of ten in terms of pricing."
  • More Fortify on Demand Pricing and Cost Advice →

    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    734,678 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer:SonarQube historically was focused on Code Quality and Best Practices. Recently the enterprise and data center versions provide some security vulnerabilities detection with OWASP compliance. This is… more »
    Top Answer:We use the solution for dynamic application testing.
    Top Answer:We were on a subscription-based model. The subscription was expiring in December 2022, and we have decided not to renew it for this year.
    Top Answer:The products must provide better integration with build tools. In SonarQube scans, the pull requests are decorated. I don't know if it is a missing integration or a limitation, but I don't see the… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    Micro Focus Fortify on Demand
    Learn More

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.

    Fortify on Demand Features

    Fortify on Demand has many valuable key features. Some of the most useful ones include:

    • Deployment flexibility
    • Scalability
    • Built for DevSecOps
    • Ease of use
    • Supports 27+ languages
    • Real-time vulnerability identification with
    • Security Assistant
    • Actionable results in less than 1 hour for most applications with DevOps automation
    • Expanded coverage, accuracy and remediation details with IAST runtime agent
    • Continuous application monitoring of production applications
    • Virtual patches
    • Supports iOS and Android mobile applications
    • Security vulnerability identification
    • Behavioral and reputation analysis

    Fortify on Demand Benefits

    There are several benefits to implementing Fortify on Demand. Some of the biggest advantages the solution offers include:

    • Fast remediation: With Fortify on Demand you can achieve fast remediation throughout the software lifecycle with robust assessments by a team of security experts.
    • Easy integration: The solution’s integration ecosystem is easy to use, creating a more secure software supply chain.
    • Security testing: Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management, in addition to static and dynamic testing.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortify on Demand solution.

    Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”

    A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”

    Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”

    A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”

    PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

    Learn more about Checkmarx
    Learn more about Fortify on Demand
    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.
    Top Industries
    Computer Software Company36%
    Financial Services Firm21%
    Manufacturing Company11%
    Comms Service Provider7%
    Financial Services Firm23%
    Computer Software Company15%
    Manufacturing Company8%
    Insurance Company6%
    Financial Services Firm37%
    Computer Software Company15%
    Energy/Utilities Company7%
    Financial Services Firm19%
    Computer Software Company15%
    Manufacturing Company9%
    Company Size
    Small Business37%
    Midsize Enterprise15%
    Large Enterprise49%
    Small Business16%
    Midsize Enterprise11%
    Large Enterprise73%
    Small Business27%
    Midsize Enterprise12%
    Large Enterprise62%
    Small Business16%
    Midsize Enterprise10%
    Large Enterprise73%
    Buyer's Guide
    Checkmarx vs. Fortify on Demand
    September 2023
    Find out what your peers are saying about Checkmarx vs. Fortify on Demand and other solutions. Updated: September 2023.
    734,678 professionals have used our research since 2012.

    Checkmarx is ranked 3rd in Application Security Tools with 23 reviews while Fortify on Demand is ranked 10th in Application Security Tools with 18 reviews. Checkmarx is rated 7.6, while Fortify on Demand is rated 7.8. The top reviewer of Checkmarx writes "Supports different languages, has excellent support, and easily expands". On the other hand, the top reviewer of Fortify on Demand writes "Seamless integration with various platforms and products, providing a centralized and comprehensive security analysis solutionand". Checkmarx is most compared with SonarQube, Veracode, Snyk, Coverity and, whereas Fortify on Demand is most compared with SonarQube, Veracode, Fortify WebInspect, Coverity and OWASP Zap. See our Checkmarx vs. Fortify on Demand report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.