Fortify on Demand vs GitLab comparison

 

Comparison Buyer's Guide

Categories and Ranking

Fortify on Demand
Ranking in Application Security Tools: 8th
Ranking in Static Application Security Testing (SAST): 9th
Average Rating: 8.0
Number of Reviews: 58
Ranking in other categories: None

GitLab
Ranking in Application Security Tools: 6th
Ranking in Static Application Security Testing (SAST): 6th
Average Rating: 8.4
Number of Reviews: 74
Ranking in other categories: Build Automation (1st), Release Automation (2nd), Rapid Application Development Software (10th), Software Composition Analysis (SCA) (6th), Enterprise Agile Planning Tools (2nd), Fuzz Testing Tools (2nd), DevSecOps (3rd)
 

Mindshare comparison

As of July 2024, in the Application Security Tools category, the mindshare of Fortify on Demand is 4.8%, up from 4.2% the previous year. The mindshare of GitLab is 3.9%, up from 2.7% the previous year. Mindshare is calculated from PeerSpot user engagement data.
Application Security Tools
Unique Categories:
Static Application Security Testing (SAST)
5.0%
Build Automation
23.6%
Release Automation
36.5%
 

Featured Reviews

CP
Jul 6, 2023
Seamless integration with various platforms and products, providing a centralized and comprehensive security analysis solution
Our CSD team used multiple tools for different scenarios. When dealing with sophisticated threats or vulnerabilities, manual analysis was necessary alongside Fortify's machine-based analysis. So, in handling complicated vulnerabilities, we couldn't rely on just one tool. Multiple tools were required. One such tool was OS Zap Proxy. We integrated Zap Proxy with Fortify, and this integration proved quite useful. Instead of relying solely on Fortify's dashboard, we integrated it with other tools, which made more sense. The security analysts, up to the level of the CSO, wouldn't rely only on a single dashboard. They used multiple tools to detect and work on vulnerabilities across various platforms and products. Fortify seamlessly integrates all these aspects.
Nakul Kundaliya - PeerSpot reviewer
Oct 8, 2022
Scalable, automatic code merging, and free version available
We are using GitLab for code management. We put code onto their servers. This allows developers to have a centralized place for code collaboration. GitLab has helped our company save time. In our current project, we have split the job into two parts, one team is working on one particular feature…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"We identified a lot of security vulnerabilities much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA."
"We have the option to test applications with or without credentials."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"The static code analyzers are the most valuable features of this solution."
"We use the Git repository and tagging feature. We are a product-based company and use this solution to move to a forward or backward tag."
"Of all available products, it was the easiest to use and easy to install."
"GitLab integrates well with other platforms."
"The most valuable feature of GitLab is its security."
"The most valuable features of GitLab are integration with CIE and the ability to rapidly deploy solutions, projects, and applications. It is very easy to use, and there are no complaints."
"The most valuable feature of GitLab is the ability to upload scripts and make changes when needed and then reupload them. Additionally, the solution is user-friendly."
"The solution's most valuable feature is that it is compatible with GitHub. The product's integration capabilities are sufficient for our small company of 35 people."
"The initial setup of GitLab is pretty simple, with no complications."
 

Cons

"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."
"The solution should be more cloud-native and have more cloud-native capabilities and features."
"We'd like to see better integration with the Atlassian ecosystem."
"GitLab could consider introducing a code-scanning tool. Purchasing such tools from external markets can incur charges, which might not be favorable. Integrating these features into GitLab would streamline the pipeline and make it more convenient for users."
"The documentation is confusing."
"I used Spring Cloud config and to connect that to GitLab was so hard."
"It is a little complex to set up the pipelines within the solution."
"You need to have a good knowledge of the product in order to use it."
"GitLab could improve by having more plugins and better user-friendliness."
 

Pricing and Cost Advice

"It is quite expensive. Pricing and the licensing model could be improved."
"It is cost-effective."
"The pricing model is based on how many applications you wish to scan."
"It's a yearly contract, but I don't remember the dollar amount."
"We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000."
"The licensing was good because the licenses have the heavy centralized server."
"Their subscriptions could use a little bit of a reworking, but I am very happy with what they're able to provide."
"I believe the rental license is not too expensive, but it provides a lot of information about the vulnerabilities."
"My company uses the free version of GitLab, which is GitLab Community Edition. There is a licensed version also available for GitLab."
"On a scale of one to ten, where one is cheap, and ten is expensive, I rate the pricing a five out of ten."
"The solution is free."
"It seems reasonable. Our IT team manages the licenses."
"This is an open-source solution."
"Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
"There are different licensing options available, including a free limited-user license."
"The solution is based on a subscription model and is reasonably priced."
793,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
14%
Manufacturing Company
12%
Government
9%
Educational Organization
27%
Computer Software Company
12%
Financial Services Firm
11%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Micro Focus Fortify on Demand?
It helps deploy and track changes easily as per time-to-time market upgrades.
What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?
Fortify on Demand is more expensive than Burp Suite. I rate its pricing a nine out of ten.
What needs improvement with Micro Focus Fortify on Demand?
The product has a lot of false positives. If the outputs can have fewer false positives, then that will be the greatest benefit the tool can offer.
What do you like most about GitLab?
I find the features and version control history to be most valuable for our development workflow. These aspects provide us with a clear view of changes and help us manage requests efficiently.
What is your experience regarding pricing and costs for GitLab?
For small-scale usage, GitLab offers a free tier. For enterprise pricing, GitLab is more expensive than GitHub, as it's not as widely adopted. GitLab is the preferred choice for many developers des...
What needs improvement with GitLab?
I believe there's room for improvement in the advanced features, particularly in enhancing the pipeline functionalities. Better integration and usability within the pipeline could make a significan...
 

Also Known As

Micro Focus Fortify on Demand
Fuzzit
 

Sample Customers

SAP, Aaron's, British Gas, FICO, Cox Automotive, Callcredit Information Group, Vital and more.
NASA, IBM, Sony, Alibaba, CERN, Siemens, Volkswagen, ING, Ticketmaster, SpaceX, Adobe, Intuit, Autodesk, Rakuten, Unity Technologies, Pandora, Electronic Arts, Nordstrom, Verizon, Comcast, Philips, Deutsche Telekom, Orange, Fujitsu, Ericsson, Nokia, General Electric, Cisco, Accenture, Deloitte, PwC, KPMG
Find out what your peers are saying about Fortify on Demand vs. GitLab and other solutions. Updated: July 2024.