We performed a comparison between Fortify Application Defender and Micro Focus Fortify on Demand based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You can see what are the flaws and what could be the best possible resolution to minimize those flaws in the application. When an application is being used by the public, security is a challenge. Veracode helps us to analyze all the security flaws, discrepancies, and vulnerabilities inside the application. It provides good reports."
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool."
"My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous."
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."
"There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"Being able to reduce risk overall is a very valuable feature for us."
"It is an extremely robust, scalable, and stable solution."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"The vulnerability detection and scanning are awesome features."
"The SAST feature is the most valuable."
"The user interface is good."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The solution could improve the Dynamic Analysis Security Testing(DAST)."
"I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."
"The reports on offer are too verbose."
"There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed."
"Sometimes, I get feedback from a developer saying, "They are scanning a Python code, but getting feedback around Java code." While the remediation and guidelines are there, improvement is still required, e.g., you won't get the exact guidelines, but you can get some sort of a high-level insights."
"When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The licensing can be a little complex."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"Reporting could be improved."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
More Micro Focus Fortify on Demand Pricing and Cost Advice →
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
Fortify Application Defender is ranked 22nd in Application Security Tools with 3 reviews while Micro Focus Fortify on Demand is ranked 7th in Application Security Tools with 21 reviews. Fortify Application Defender is rated 8.0, while Micro Focus Fortify on Demand is rated 8.0. The top reviewer of Fortify Application Defender writes "Secure, versatile cyber security technology ". On the other hand, the top reviewer of Micro Focus Fortify on Demand writes "Makes it easy to discover hidden vulnerabilities in our open source libraries". Fortify Application Defender is most compared with SonarQube, Checkmarx, Coverity, Sonatype Nexus Lifecycle and Tenable.io Web Application Scanning, whereas Micro Focus Fortify on Demand is most compared with SonarQube, Checkmarx, Coverity, Fortify WebInspect and Micro Focus Software Security Center. See our Fortify Application Defender vs. Micro Focus Fortify on Demand report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
