Jan 11, 2019
I think the benefit of Fortify on Demand is that it covers all the scan types: DAST, SAST. RASP, and Mobile. The research team that builds the vuln database is solid and well-staffed.
Fortify on Demand and SonarQube Server are both key players in software security and quality. While Fortify on Demand leads with its cloud-based approach and vulnerability coverage, SonarQube Server is noted for language support and continuous analysis integration.
Features: Fortify on Demand offers advanced compliance with standards like HIPAA, linking static and dynamic results with detailed guidance. It integrates with development platforms, centralizes management, and tracks vulnerabilities efficiently. SonarQube Server provides a comprehensive dashboard for code metrics, allows customizable profiles and gates, and facilitates early issue detection in the development process.
Room for Improvement: Fortify on Demand needs better false positive management and reporting capabilities, and improved integration with incident systems. Users also report slow scan speeds and complex integrations. SonarQube Server could enhance its security analysis and false positive handling, as well as improve bug tracking integration and documentation quality.
Ease of Deployment and Customer Service: Fortify offers flexible deployment across cloud and on-premises, though its customer support can be inconsistent. SonarQube, primarily an on-premises solution, benefits from community support, with enterprise support needing improvement compared to Fortify's dedicated teams.
Pricing and ROI: Fortify on Demand is viewed as pricey due to its subscription model but provides significant security benefits. SonarQube offers a free community version for smaller projects with licensing fees for the enterprise version, which remains affordable due to its open-source nature, despite its higher pricing compared to Fortify.
Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.
Fortify on Demand Features
Fortify on Demand has many valuable key features. Some of the most useful ones include:
Fortify on Demand Benefits
There are several benefits to implementing Fortify on Demand. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortify on Demand solution.
Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”
A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”
Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”
A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”
PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.
SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.
What are the key features of SonarQube Server?Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
