We performed a comparison between Fortify Application Defender, Fortra Tripwire IP360, and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"The solution helped us to improve the code quality of our organization."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The product saves us cost and time."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"We could manage our entire IP range with the solution."
"Tripwire IP360 is a very stable solution."
"If you want to have your code scanned and timed then this is a good tool."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"The product is simple."
"The solution offers a very good community edition."
"The tool helps us to monitor and manage violations. It manages the bugs and security violations."
"The most valuable features are the dashboard reports and the ease of integrating it with Jenkins."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"We consider it a handy tool that helps to resolve our issues immediately."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"I encountered many false positives for Python applications."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The solution is quite expensive."
"Fortify Application Defender gives a lot of false positives."
"The workbench is a little bit complex when you first start using it."
"Support for older compilers/IDEs is lacking."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"We need to dedicate time and resources to keep it running."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"I am not very impressed by the technical support."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"Code security scanning could be improved."
"Expression of common vulnerabilities and exposures is not always current."
"I would like to see dynamic code analysis in the next version of the software."
"SonarQube can improve by scanning the internal library which currently it does not do. We are looking for a solution for this."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"The product's user documentation can be vastly improved."
