We performed a comparison between Fortify Application Defender, Kiuwan, and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The most valuable feature is that it analyzes data in real-time."
"The product saves us cost and time."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"Its ability to find security defects is valuable."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The solution helped us to improve the code quality of our organization."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"The most valuable feature of the solution stems from the fact that it is quick when processing and giving an output or generating a report."
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"I personally like the way it breaks down security vulnerabilities with LoC at first glance."
"Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices."
"Software analytics for a lot of different languages including ABAP."
"The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process."
"The solution's ability to help create secure software is very valuable. We're a zero-trust networking company so we want to have the ability to say that we're practicing security seriously. Having something like Veracode allows us to have confidence when we're speaking to people about our product that we can back up what we're doing with a certification, with a reputable platform, and say, "This is what we're using to scan an application. Here's the number of vulnerabilities that are on an application. And here's the risk that we're accepting.""
"This static analysis helps ensure a secure application rollout across all environments."
"Code analysis tool to help identify code issues before entered into production."
"Veracode's cloud-based approach, coupled with the appliance that lets us use Veracode to scan internal-only web applications, has provided a seamless, always-up-to-date application security scanning solution."
"It is great to have such insight into code without having to upload the source code at all. It saves a lot of NDA paperwork. The Visual Studio plugin allows the developer to seamlessly upload the code and get results as he works, with no manual upload. The code review function is great. It allows you to find flaws in source code."
"We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle."
"It has an easy-to-use interface."
"Support for older compilers/IDEs is lacking."
"Fortify Application Defender gives a lot of false positives."
"I encountered many false positives for Python applications."
"The licensing can be a little complex."
"The solution is quite expensive."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"I would like to see better integration with the Visual Studio and Eclipse IDEs."
"I would like to see better integration with Azure DevOps in the next release of this solution."
"It would be beneficial to streamline calls and transitions seamlessly for improved functionality."
"Perhaps more languages supported."
"The QA developer and security could be improved."
"Integration of the programming tools could be improved."
"The solution seems to give us a lot of false positives. This could be improved quite a bit."
"The development-to-delivery phase."
"It will be beneficial for developers if Veracode Greenlight includes Python."
"I would love to be able to do a dynamic sandbox scan. I think that that would allow us to really get a lot more buy-in from the software development teams."
"In the future, I would like to see the RASP capability built-in."
"Mitigation review isn't always super easy."
"The pricing for qualified startups such as Neo4j could be improved."
"Their scanning engine is sometimes a little bit slow. They can improve the scan time."
"I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline."
"We connected with Veracode's support a couple of times, and we got a different answer each time."