We performed a comparison between Fortify Application Defender, Kiuwan, and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The most valuable features of Fortify Application Defender are the code packages that are default."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The most valuable feature is that it analyzes data in real-time."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The solution helped us to improve the code quality of our organization."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"I have found the security and QA in the source code to be most valuable."
"It provides value by offering options to enhance both code quality and the security of the company."
"The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"The feature that I have found the most valuable in Kiuwan is the speed of scanning. Compared to other SaaS tools I have used, Kiuwan is much quicker in performing scans. I have not yet used it on a large code base, but from what I have experienced, it is efficient and accurate. Additionally, I have used it both manually and in an automated pipeline, and both methods have been effective. The speed of scanning is what makes it valuable to me."
"I personally like the way it breaks down security vulnerabilities with LoC at first glance."
"The solution has a continuous integration process."
"I've found the reporting features the most helpful."
"We have worked with the support from SonarQube and we have had good experiences."
"Strong code evaluation for budget-minded clients."
"The most valuable feature of this solution is that it is free."
"The software quality gate streamlines the product's quality."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"SonarQube: Recording of issues over a period of time, with an indication of the addition in the new issues or the reduction of existing issues (which were fixed)."
"It is working fine. It provides a good value for money."
"Apart from the security point of view, I like that it makes it easy to detect code smells and other issues in terms of code quality and standards."
"The workbench is a little bit complex when you first start using it."
"Support for older compilers/IDEs is lacking."
"The solution is quite expensive."
"I encountered many false positives for Python applications."
"The false positive rate should be lower."
"The licensing can be a little complex."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"Fortify Application Defender gives a lot of false positives."
"It would be beneficial to streamline calls and transitions seamlessly for improved functionality."
"The next release should include more flexibility in the reporting."
"The solution seems to give us a lot of false positives. This could be improved quite a bit."
"It could improve its scalability abilities."
"The development-to-delivery phase."
"Kiuwan's support has room for improvement. You can only open a ticket is through email, and the support team is outside of our country. They should have a support number or chat."
"The configuration hasn't been that good."
"I would like to see additional languages supported."
"New plug-ins should be integrated into SonarCloud to give more flexibility to the product."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"If the product could assist us with fixing issues by giving us more pointers then it would help to resolve more of the warnings without such a commitment in terms of time."
"There could be better integration with other products."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"Expression of common vulnerabilities and exposures is not always current."
"Technical support and the price could be better."
"I am not very pleased with the technical debt computation."
