We performed a comparison between Fortify Application Defender and GitHub based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The solution helped us to improve the code quality of our organization."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"The product saves us cost and time."
"GitHub is the best tool for source repositories."
"This solution is very easy to use which I like about it. The capacity to own artifacts and share them with others is another good feature. You don't have to write all your code from scratch, you can use available templates and alter the code according to your needs."
"The most valuable feature is help offered by the community for open-source projects."
"The product has a good UI. It's simple and easy to access, and technical help is easily available. The two-factor authentication security is another valuable feature."
"I find GitHub very user friendly."
"GitHub's version control is valuable."
"GitHub have a built-in software application development environment and this has been most useful."
"It is really simple to set up."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The false positive rate should be lower."
"The workbench is a little bit complex when you first start using it."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The solution is quite expensive."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"Support for older compilers/IDEs is lacking."
"The security for this solution could be tightened up and improved."
"GitHub should provide more integration in their next release, including integrating with Jenkins, CI/CD and Jira."
"GitHub could have better integration or capability with other solutions."
"There is a bit of a learning curve."
"The development team pushes the code into a repository, and the CI/CD pipeline will perform the build. We need open-source libraries to perform the builds. It would be helpful to have the ability to link to open-source libraries like npm libraries. I don't know if GitHub Actions provides this. I would like to see that in GitHub Actions if they don't."
"While using the solution when merging two code branches the code becomes a bit messy. This should be improved in the future."
"It is currently only from the development perspective. It doesn't have features related to project management and testing. It is not like Azure. So, there is a lot of room for improvement. It is a version control product, and it would be good if they can come up with a complete DevOps product."
"If something has to be moved into approvals, and if they don't approve it in a few hours, then they should move the approval request to some other user, or they should have a way to escalate it."
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while GitHub is ranked 13th in Application Security Tools with 64 reviews. Fortify Application Defender is rated 7.8, while GitHub is rated 8.6. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". On the other hand, the top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, SonarQube and Qualys Web Application Scanning, whereas GitHub is most compared with Snyk, AWS CodeCommit, Bitbucket, Atlassian SourceTree and Fortify on Demand. See our Fortify Application Defender vs. GitHub report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
