We performed a comparison between Fortify on Demand and ShiftLeft based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"The solution is user-friendly."
"What stands out to me is the user-friendliness of each feature."
"Fortify on Demand is easy to use and the reporting is good."
"The licensing was good."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"Fortify on Demand could be improved with support in Russia."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while ShiftLeft is ranked 26th in Application Security Tools with 1 review. Fortify on Demand is rated 8.0, while ShiftLeft is rated 10.0. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and Fortify WebInspect, whereas ShiftLeft is most compared with SonarQube, Black Duck and Semgrep Supply Chain.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.