No more typing reviews! Try our Samantha, our new voice AI agent.

Fortify Application Defender vs Polyspace Code Prover comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortify Application Defender
Ranking in Application Security Tools
33rd
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
11
Ranking in other categories
No ranking in other categories
Polyspace Code Prover
Ranking in Application Security Tools
30th
Average Rating
7.2
Reviews Sentiment
2.3
Number of Reviews
7
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of Fortify Application Defender is 1.5%, up from 0.7% compared to the previous year. The mindshare of Polyspace Code Prover is 1.3%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Polyspace Code Prover1.3%
Fortify Application Defender1.5%
Other97.2%
Application Security Tools
 

Featured Reviews

VS
CTO at Abcl
Useful for fast code review in devOps pipelines
I rate the tool's scalability a seven out of ten. However, I'm concerned about how it handles an increasing number of lines of code. As the complexity grows, so does the time it takes for the tool to review everything. I want more clarity on how Fortify Application Defender handles multiple threats. We have numerous endpoints, but the tool runs in our pipeline, meaning it operates in the cloud. All our code is configured there, and the tool runs integration testing, unit testing, user testing, and final production code tests. It's a day-to-day experience. It's utilized almost every day as part of our pipeline runs. Each team responsible for integration testing, human testing, user access testing, and preproduction testing runs it whenever they take a build.
reviewer2760282 - PeerSpot reviewer
General Manager at a manufacturing company with 10,001+ employees
Has struggled with performance and integration but supports critical safety verification
Execution speed of the tests and generally the integration into AWS-driven CI work chains or workflows represent how it can be improved in my opinion. Performance issues plus license costs are two main driving factors. The CI environments that we use employ up to around 40,000 virtual CPUs per day in peak, running at the same time. We always have problems distributing licenses accordingly with other products. I can talk to the experts doing the integration, but as far as I know, I was involved with Polyspace Code Prover and we had a lot of difficulties integrating it into our Bazel-driven CI toolchain, plus integrating it on the AWS environments in Linux that we use. It was much more straightforward using Code Sonar there. The reason is the execution speed, integration with Azure and stuff, and pricing. The CI integration and maybe a better-suited license model for CI-driven execution are other areas I recommend improving. That's something we discussed with all of the software companies whose products we use, such as compilers. We have a lot of parallel builds, and each call to a license server is actually problematic in the long run.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The solution helped us to improve the code quality of our organization."
"This is a great tool and the kind of support it provides is very helpful."
"It is one of those things that once you see it in action, it is pretty impressive."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The product saves us cost and time."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"Polyspace Code Prover is a very user-friendly tool."
"The product detects memory corruptions."
"Efficiency and speed are the advantages I see in Code Sonar over Polyspace Code Prover."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"The outputs are very reliable."
 

Cons

"Fortify Application Defender gives a lot of false positives."
"The false positive rate should be lower."
"The workbench is a little bit complex when you first start using it."
"I encountered many false positives for Python applications."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
"The solution is quite expensive."
"I'm still trying to use constraints with range propagation, but I can't get it to work properly, and I haven't found any documentation."
"I'd like the data to be taken from any format."
"One of the main disadvantages is the time it takes to initiate the first run."
"Because we had difficulties in efficiently integrating Polyspace Code Prover into our CI toolchain, these tests are mostly run manually and only occasionally."
"The tool has some stability issues."
"Using Code Prover on large applications crashes sometimes."
"Automation could be a challenge."
 

Pricing and Cost Advice

"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
"The product’s price is much higher than other tools."
"I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."
"Fortify Application Defender is very expensive."
"The price of this solution could be less expensive."
"The base licensing costs for the SaaS platform is about $900 USD per application, per year."
"We use the paid version."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Construction Company
10%
Manufacturing Company
9%
Comms Service Provider
6%
Manufacturing Company
38%
Aerospace/Defense Firm
6%
Computer Software Company
6%
Healthcare Company
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise8
By reviewers
Company SizeCount
Midsize Enterprise1
Large Enterprise6
 

Questions from the Community

Ask a question
Earn 20 points
What needs improvement with Polyspace Code Prover?
Execution speed of the tests and generally the integration into AWS-driven CI work chains or workflows represent how it can be improved in my opinion. Performance issues plus license costs are two ...
What is your primary use case for Polyspace Code Prover?
It is validation for Functional Safety applications in automotive.
What advice do you have for others considering Polyspace Code Prover?
We are actually trying to consolidate everything into one solution. To reduce, that might also be a new solution, but we're not currently actively looking for that. It's just that we'd prefer to fi...
 

Also Known As

HPE Fortify Application Defender, Micro Focus Fortify Application Defender
No data available
 

Overview

 

Sample Customers

ServiceMaster, Saltworks, SAP
Alenia Aermacchi, CSEE Transport, Delphi Diesel Systems, EADS, Institute for Radiological Protection and Nuclear Safety, Korean Air, KOSTAL, Miracor, NASA Ames Research Center
Find out what your peers are saying about Fortify Application Defender vs. Polyspace Code Prover and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.