Fortify Application Defender vs GitGuardian Internal Monitoring comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Fortify Application Defender and GitGuardian Internal Monitoring based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Fortify Application Defender vs. GitGuardian Internal Monitoring Report (Updated: November 2022).
656,862 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code.""Good static analysis and dynamic analysis.""The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful.""It's comprehensive from a feature standpoint.""My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous.""It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail.""The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use.""It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage."

More Veracode Pros →

"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment.""The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions.""The most valuable features of Fortify Application Defender are the code packages that are default."

More Fortify Application Defender Pros →

"The breadth of the solution detection capabilities is pretty good. They have good categories and a lot of different types of secrets... it gives us a great range when it comes to types of secrets, and that's good for us.""What is particularly helpful is that having GitGuardian show that the code failed a check enables us to automatically pass the resolution to the author. We don't have to rely on the reviewer to assign it back to him or her. Letting the authors solve their own problems before they get to the reviewer has significantly improved visibility and reduced the remediation time from multiple days to minutes or hours. Given how time-consuming code reviews can be, it saves some of our more scarce resources.""The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there.""The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great.""We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous.""GitGuardian has also helped us develop a security-minded culture. We're serious about shift left and getting better about code security. I think a lot of people are getting more mindful about what a secret is.""When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history.""GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week."

More GitGuardian Internal Monitoring Pros →

"Third-party library scanning would be very useful to have. When I was researching this a year ago, there was not a third-party library scan available. This would be a nice feature to have because we are now running through some assessments and finding out which tool can do it since this information needs to be captured. Since Veracode is a security solution, this should be related.""When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications.""There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed.""The product has issues with scanning.""Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had.""I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use.""I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help.""The pricing for qualified startups such as Neo4j could be improved."

More Veracode Cons →

"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours.""Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy.""The licensing can be a little complex."

More Fortify Application Defender Cons →

"Right now, we are waiting for improvement in the RBAC support for GitGuardian.""They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers.""There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack.""For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives.""An area for improvement is the front end for incidents. The user experience in this area could be much better.""There is room for improvement in GitGuardian on Azure DevOps. The implementation is a bit hard there. This is one of the things we requested help with. I would not say their support is not good, but they need them to improve in helping customers on that side.""It could be easier. They have a CLI tool that engineers can run on their laptops, but getting engineers to install the tool is a manual process. I would like to see them have it integrated into one of those developer tools, e.g., VS Code or JetBrains, so developers don't have to think about it.""One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs."

More GitGuardian Internal Monitoring Cons →

Pricing and Cost Advice
  • "The pricing is really fair compared to a lot of other tools on the market."
  • "It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
  • "Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
  • "Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward."
  • "From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
  • "The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
  • "It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year."
  • More Veracode Pricing and Cost Advice →

  • "The price of this solution could be less expensive."
  • "The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
  • More Fortify Application Defender Pricing and Cost Advice →

  • "We don't have a huge number of users, but its yearly rate was quite reasonable when compared to other per-seat solutions that we looked at... Having a free plan for a small number of users was really great. If you're a small team, I don't see why you wouldn't want to get started with it."
  • "It's a little bit expensive."
  • "You get what you pay for. It's one of the more expensive solutions, but it is very good, and the low false positive rate is a really appealing factor."
  • "The pricing and licensing are fair. It isn't very expensive and it's good value."
  • "The internal side is cheap per user. It is annual pricing based on the number of users."
  • "We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
  • "It could be cheaper. When GitHub secrets monitoring solution goes to general access and general availability, GitGuardian might be in a little bit of trouble from the competition, and maybe then they might lower their prices. The GitGuardian solution is great. I'm just concerned that they're not GitHub."
  • "It's not cheap, but it's not crazy expensive either."
  • More GitGuardian Internal Monitoring Pricing and Cost Advice →

    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    656,862 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You… more »
    Top Answer:The UI could be better. Also, there are some scenarios where there is no security flaw, but the report indicates that… more »
    Top Answer:The most valuable features of Fortify Application Defender are the code packages that are default.
    Top Answer:Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy.
    Top Answer:I work for a local distributor for Micro Focus. We provide customers with a proof of values and we're showing them in… more »
    Top Answer:You can also assign tasks to specific teams or people to complete, such as assigning something to the "blue team" or… more »
    Top Answer:Everything is included in the Business version, so there are no extra costs. You can't take some parts out and add other… more »
    Top Answer:An area for improvement is the front end for incidents. The user experience in this area could be much better.
    Also Known As
    HPE Fortify Application Defender, Micro Focus Fortify Application Defender
    Learn More

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.

    GitGuardian Internal Monitoring helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

    Widely adopted by developer communities, GitGuardian is used by more than 200 thousand developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.

    GitGuardian Internal Monitoring is an automated secrets detection and remediation platform. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

    Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

    GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.

    The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, Gitlab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.

    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Learn more about Fortify Application Defender
    Learn more about GitGuardian Internal Monitoring
    Sample Customers
    State of Missouri, Rekner
    ServiceMaster, Saltworks, SAP
    Automox, 66degrees (ex Cloudbakers), Instacart, Iress, Now:Pensions, Payfit, Orange, Seequent, Stedi, Talend
    Top Industries
    Financial Services Firm30%
    Computer Software Company13%
    Insurance Company11%
    Healthcare Company7%
    Computer Software Company21%
    Financial Services Firm15%
    Comms Service Provider10%
    Manufacturing Company7%
    Computer Software Company18%
    Financial Services Firm15%
    Manufacturing Company10%
    Comms Service Provider9%
    Computer Software Company30%
    Insurance Company20%
    Marketing Services Firm10%
    Comms Service Provider29%
    Computer Software Company10%
    Financial Services Firm8%
    Company Size
    Small Business25%
    Midsize Enterprise27%
    Large Enterprise48%
    Small Business16%
    Midsize Enterprise13%
    Large Enterprise71%
    Small Business29%
    Midsize Enterprise14%
    Large Enterprise57%
    Small Business16%
    Midsize Enterprise10%
    Large Enterprise74%
    Small Business36%
    Midsize Enterprise36%
    Large Enterprise29%
    Small Business40%
    Midsize Enterprise6%
    Large Enterprise54%
    Buyer's Guide
    Fortify Application Defender vs. GitGuardian Internal Monitoring
    November 2022
    Find out what your peers are saying about Fortify Application Defender vs. GitGuardian Internal Monitoring and other solutions. Updated: November 2022.
    656,862 professionals have used our research since 2012.

    Fortify Application Defender is ranked 24th in Application Security Tools with 3 reviews while GitGuardian Internal Monitoring is ranked 6th in Application Security Tools with 12 reviews. Fortify Application Defender is rated 8.0, while GitGuardian Internal Monitoring is rated 8.8. The top reviewer of Fortify Application Defender writes "Secure, versatile cyber security technology ". On the other hand, the top reviewer of GitGuardian Internal Monitoring writes "Automates tasks and allows more individuals to be in involved in remediation, and the integration process is simple". Fortify Application Defender is most compared with SonarQube, Checkmarx, Coverity, Micro Focus Fortify on Demand and CAST Highlight, whereas GitGuardian Internal Monitoring is most compared with Snyk, SonarQube, Cycode, Checkmarx and Microsoft Purview Data Loss Prevention. See our Fortify Application Defender vs. GitGuardian Internal Monitoring report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.