Coverity vs Fortify on Demand comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo
17,611 views|11,474 comparisons
88% willing to recommend
OpenText Logo
10,127 views|7,448 comparisons
90% willing to recommend
Comparison Buyer's Guide
Executive Summary
Updated on Mar 20, 2023

We performed a comparison between Coverity and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Micro Focus Fortify on Demand has a simple initial setup that takes a couple of hours. Coverity's setup is straightforward with on-screen instructions, but the overall deployment time depends on project size and integration needs.
  • Features: Micro Focus Fortify on Demand has quick project setup, static and dynamic code scanning, endpoint vulnerability identification, and task delegation, and is user-friendly. Coverity has contributing events for root cause understanding, independent scan runs, good memory, static order analysis, stable C++ component analysis, and is easy to set up and powerful.
  • Pricing: Micro Focus Fortify on Demand's pricing model is based on the number of applications to scan. Coverity is considered expensive and could benefit from a price reduction.
  • Service and Support: Micro Focus Fortify on Demand has responsive and helpful tech support. Coverity offers email, call, and Webex support, but some users have reported slow response times.
  • ROI: Micro Focus Fortify on Demand has saved money for some companies by automating scans. Coverity has provided value to companies over the last ten years.

Comparison Result: Based on the parameters we compared, Micro Focus Fortify on Demand comes out ahead of Coverity. Although both products have valuable features and can be estimated as high-end solutions, our reviewers found that Coverity is very expensive and has slow support.

To learn more, read our detailed Coverity vs. Fortify on Demand Report (Updated: May 2024).
771,740 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The product has deeper scanning capabilities.""The ability to scan code gives us details of existing and potential vulnerabilities. What really matters for us is to ensure that we are able to catch vulnerabilities ahead of time.""Coverity gives advisory and deviation features, which are some of the parts I liked.""It has the lowest false positives.""It provides reports about a lot of potential defects.""The solution effectively identifies bugs in code.""We were very comfortable with the initial setup.""It's very stable."

More Coverity Pros →

"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases.""The licensing was good.""The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place.""The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira.""One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed.""Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much.""Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support.""The solution is user-friendly. One feature I find very effective is the tool's automatic scanning capability. It scans replicas of the code developers write and automatically detects any vulnerabilities. The integration with CI/CD tools is also useful for plugins."

More Fortify on Demand Pros →

Cons
"Coverity is not stable.""I would like to see integration with popular IDEs, such as Eclipse.""Its price can be improved. Price is always an issue with Synopsys.""The setup takes very long.""Reporting engine needs to be more robust.""The solution is a bit complex to use in comparison to other products that have many plugins.""We use GitHub and Gitflow, and Coverity does not fit with Gitflow. I have to create a screen for our branches, and it's a pain for developers. It has been difficult to integrate Coverity with our system.""The solution could use more rules."

More Coverity Cons →

"Fortify on Demand needs to improve its pricing.""Takes up a lot of resources which can slow things down.""The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood.""The products must provide better integration with build tools.""Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify.""There are lots of limitations with code technology. It cannot scan .net properly either.""Fortify on Demand could be improved with support in Russia.""In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."

More Fortify on Demand Cons →

Pricing and Cost Advice
  • "Coverity is quite expensive."
  • "The licensing fees are based on the number of lines of code."
  • "The price is competitive with other solutions."
  • "It is expensive."
  • "Coverity is very expensive."
  • "This is a pretty expensive solution. The overall value of the solution could be improved if the price was reduced. Licensing is done on an annual basis."
  • "The pricing is very reasonable compared to other platforms. It is based on a three year license."
  • "The pricing is on the expensive side, and we are paying for a couple of items."
  • More Coverity Pricing and Cost Advice →

  • "Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand)."
  • "We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000."
  • "The subscription model, on a per-scan basis, is a bit expensive. That's another reason we are not using it for all the apps."
  • "The licensing was good because the licenses have the heavy centralized server."
  • "It's a yearly contract, but I don't remember the dollar amount."
  • "The pricing can be improved because it is complex when compared to the competition."
  • "It is quite expensive. Pricing and the licensing model could be improved."
  • "It is cost-effective."
  • More Fortify on Demand Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
    771,740 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing… more »
    Top Answer:The solution has improved our code quality and security very well.
    Top Answer:It helps deploy and track changes easily as per time-to-time market upgrades.
    Top Answer:The product's cost depends on the type of license. The on-premise licenses are more expensive than the cloud subscriptions. I rate the pricing a six out of ten.
    Top Answer:They could provide features for artificial intelligence similar to other vendors like OpenText products.
    Ranking
    Views
    17,611
    Comparisons
    11,474
    Reviews
    22
    Average Words per Review
    382
    Rating
    8.0
    Views
    10,127
    Comparisons
    7,448
    Reviews
    16
    Average Words per Review
    406
    Rating
    8.2
    Comparisons
    SonarQube logo
    Compared 51% of the time.
    Klocwork logo
    Compared 9% of the time.
    Checkmarx One logo
    Compared 6% of the time.
    Veracode logo
    Compared 5% of the time.
    Polyspace Code Prover logo
    Compared 4% of the time.
    Also Known As
    Synopsys Static Analysis
    Micro Focus Fortify on Demand
    Learn More
    Overview

    Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts. 

    Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports 22 languages and over 70 frameworks and templates.

    Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.

    Fortify on Demand Features

    Fortify on Demand has many valuable key features. Some of the most useful ones include:

    • Deployment flexibility
    • Scalability
    • Built for DevSecOps
    • Ease of use
    • Supports 27+ languages
    • Real-time vulnerability identification with
    • Security Assistant
    • Actionable results in less than 1 hour for most applications with DevOps automation
    • Expanded coverage, accuracy and remediation details with IAST runtime agent
    • Continuous application monitoring of production applications
    • Virtual patches
    • Supports iOS and Android mobile applications
    • Security vulnerability identification
    • Behavioral and reputation analysis

    Fortify on Demand Benefits

    There are several benefits to implementing Fortify on Demand. Some of the biggest advantages the solution offers include:

    • Fast remediation: With Fortify on Demand you can achieve fast remediation throughout the software lifecycle with robust assessments by a team of security experts.
    • Easy integration: The solution’s integration ecosystem is easy to use, creating a more secure software supply chain.
    • Security testing: Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management, in addition to static and dynamic testing.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortify on Demand solution.

    Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”

    A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”

    Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”

    A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”

    PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

    Sample Customers
    MStar Semiconductor, Alcatel-Lucent
    SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.
    Top Industries
    REVIEWERS
    Manufacturing Company36%
    Comms Service Provider20%
    Computer Software Company20%
    Retailer8%
    VISITORS READING REVIEWS
    Manufacturing Company28%
    Computer Software Company16%
    Financial Services Firm8%
    Government4%
    REVIEWERS
    Financial Services Firm38%
    Computer Software Company17%
    Retailer10%
    Energy/Utilities Company7%
    VISITORS READING REVIEWS
    Financial Services Firm19%
    Computer Software Company14%
    Manufacturing Company11%
    Government9%
    Company Size
    REVIEWERS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise10%
    Large Enterprise76%
    REVIEWERS
    Small Business25%
    Midsize Enterprise13%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise11%
    Large Enterprise73%
    Buyer's Guide
    Coverity vs. Fortify on Demand
    May 2024
    Find out what your peers are saying about Coverity vs. Fortify on Demand and other solutions. Updated: May 2024.
    771,740 professionals have used our research since 2012.

    Coverity is ranked 4th in Static Application Security Testing (SAST) with 33 reviews while Fortify on Demand is ranked 9th in Static Application Security Testing (SAST) with 57 reviews. Coverity is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of Coverity writes "Best SAST tool to check software quality issues". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Coverity is most compared with SonarQube, Klocwork, Checkmarx One, Veracode and Polyspace Code Prover, whereas Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Fortify WebInspect and Snyk. See our Coverity vs. Fortify on Demand report.

    See our list of best Static Application Security Testing (SAST) vendors.

    We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.