CodeSonar vs Fortify Application Defender comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between CodeSonar and Fortify Application Defender based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed CodeSonar vs. Fortify Application Defender Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful.""CodeSonar’s most valuable feature is finding security threats.""What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results.""There is nice functionality for code surfing and browsing.""It has been able to scale.""The tool is very good for detecting memory leaks.""The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."

More CodeSonar Pros →

"The solution helped us to improve the code quality of our organization.""The most valuable feature is that it analyzes data in real-time.""The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions.""Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications.""The product saves us cost and time.""Its ability to find security defects is valuable.""The most valuable features of Fortify Application Defender are the code packages that are default.""We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."

More Fortify Application Defender Pros →

Cons
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred.""There could be a shared licensing model for the users.""CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C.""It would be beneficial for the solution to include code standards and additional functionality for security.""The scanning tool for core architecture could be improved.""In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category.""It was expensive."

More CodeSonar Cons →

"Fortify Application Defender gives a lot of false positives.""The licensing can be a little complex.""Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy.""Support for older compilers/IDEs is lacking.""The solution is quite expensive.""The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java.""The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours.""The workbench is a little bit complex when you first start using it."

More Fortify Application Defender Cons →

Pricing and Cost Advice
  • "Pricing is a bit costly."
  • "The solution's price depends on the number of licenses needed and the source code for the project."
  • "Our organization purchased a license to use the solution."
  • "The application’s pricing is high compared to other tools."
  • More CodeSonar Pricing and Cost Advice →

  • "The base licensing costs for the SaaS platform is about $900 USD per application, per year."
  • "The price of this solution could be less expensive."
  • "The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
  • "Fortify Application Defender is very expensive."
  • "The product’s price is much higher than other tools."
  • More Fortify Application Defender Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:CodeSonar’s most valuable feature is finding security threats.
    Top Answer:The application’s pricing is high compared to other tools. I rate its pricing a four out of ten.
    Top Answer:Our license model allows one user per license. Currently, we have limitations for VPN profiles. We can’t share the key with other users. There could be a shared licensing model for the users. It will… more »
    Top Answer:The product does not work well with Java coding. The false positive rate should be lower. The product should introduce more licensing models and reduce the licensing cost.
    Ranking
    Views
    1,934
    Comparisons
    1,241
    Reviews
    6
    Average Words per Review
    505
    Rating
    8.2
    Views
    2,036
    Comparisons
    1,719
    Reviews
    3
    Average Words per Review
    282
    Rating
    6.3
    Comparisons
    Also Known As
    HPE Fortify Application Defender, Micro Focus Fortify Application Defender
    Learn More
    Overview

    GrammaTech enables organizations to develop software applications more efficiently, on-budget, and on-schedule by helping to eliminate harmful defects that can cause system failures, enable data breaches, and ultimately increase corporate liabilities in today’s connected world. GrammaTech is the developer of CodeSonar, the most powerful source and binary code analysis solution available today. Extraordinarily precise, CodeSonar finds, on average, 2 times more serious defects in software than other static analysis solutions. Designed for organizations with zero tolerance for defects and vulnerabilities in their applications, CodeSonar provides static analysis for applications where reliability and security are paramount - widely used by software developers in avionics, medical, automotive, industrial control, and other mission-critical applications. Some of GrammaTech's customers include Toyota, GE, Hyundai, Kawasaki, LG, Lockheed Martin, NASA, Northrop Grumman, Panasonic, and Samsung.

    Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.

    Sample Customers
    Viveris, Micrel Medical Devices, Olympus, SOFTEQ, SONY
    ServiceMaster, Saltworks, SAP
    Top Industries
    VISITORS READING REVIEWS
    Manufacturing Company21%
    Computer Software Company17%
    University9%
    Government7%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company12%
    Government8%
    Company Size
    REVIEWERS
    Small Business63%
    Midsize Enterprise13%
    Large Enterprise25%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise14%
    Large Enterprise67%
    REVIEWERS
    Small Business33%
    Midsize Enterprise11%
    Large Enterprise56%
    VISITORS READING REVIEWS
    Small Business12%
    Midsize Enterprise13%
    Large Enterprise75%
    Buyer's Guide
    CodeSonar vs. Fortify Application Defender
    March 2024
    Find out what your peers are saying about CodeSonar vs. Fortify Application Defender and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    CodeSonar is ranked 22nd in Application Security Tools with 7 reviews while Fortify Application Defender is ranked 34th in Application Security Tools with 9 reviews. CodeSonar is rated 8.2, while Fortify Application Defender is rated 7.8. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of Fortify Application Defender writes "Reliable solution with excellent machine learning algorithms but expensive and lacking support". CodeSonar is most compared with SonarQube, Coverity, Klocwork, Polyspace Code Prover and Fortify Static Code Analyzer, whereas Fortify Application Defender is most compared with Checkmarx, Coverity, SonarQube, CAST Application Intelligence Platform and Fortify on Demand. See our CodeSonar vs. Fortify Application Defender report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.