We performed a comparison between Fortify Application Defender and GitGuardian Platform based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is that it analyzes data in real-time."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The solution helped us to improve the code quality of our organization."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The product saves us cost and time."
"Its ability to find security defects is valuable."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"I like GitGuardian's instant response. When you have an incident, it's reported immediately. The interface gives you a great overview of your current leaked secrets."
"When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history."
"The most valuable feature of GitGuardian is that it finds tokens and passwords. That's why we need this tool. It minimizes the possibility of security violations that we cannot find on our own."
"It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track down who owns the repository and who is responsible for cleaning it up."
"Presently, we find the pre-commit hooks more useful."
"GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week."
"The breadth of the solution detection capabilities is pretty good. They have good categories and a lot of different types of secrets... it gives us a great range when it comes to types of secrets, and that's good for us."
"The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The licensing can be a little complex."
"Fortify Application Defender gives a lot of false positives."
"I encountered many false positives for Python applications."
"The workbench is a little bit complex when you first start using it."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The solution is quite expensive."
"One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs."
"There are some features that are lacking in GitGuardian. The more we grow and the more engineers we have, the more it will become difficult to assign an incident because the assignment is not automatic. I know they are working on that and we are waiting for it."
"I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing."
"They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers."
"GitGuardian's hook and dashboard scanners are the two entities. They should work together as one. We've seen several discrepancies where the hook is not being flagged on the dashboard. I still think they need to do some fine-tuning around that. We don't want to waste time."
"We have encountered occasional difficulties with the Single Sign-On process."
"GitGuardian encompasses many secrets that companies might have, but we are a Microsoft-only organization, so there are some limitations there in terms of their honey tokens. I'd like for it to not be limited to Amazon-based tokens. It would be nice to see a broader set of providers that you could pick from."
"There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack."
Fortify Application Defender is ranked 34th in Application Security Tools with 10 reviews while GitGuardian Platform is ranked 8th in Application Security Tools with 21 reviews. Fortify Application Defender is rated 8.0, while GitGuardian Platform is rated 9.0. The top reviewer of Fortify Application Defender writes "Reliable solution with excellent machine learning algorithms but expensive and lacking support". On the other hand, the top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, SonarQube and Qualys Web Application Scanning, whereas GitGuardian Platform is most compared with SonarQube, Cycode, GitHub Advanced Security, Snyk and Veracode. See our Fortify Application Defender vs. GitGuardian Platform report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
