We performed a comparison between MicroFocus Fortify on Demand and Veracode based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.
Comparison Results: Veracode nudges ahead of Microfocus Fortify on Demand in this comparison. Veracode users feel the solution enables them to analyze every security flaw, discrepancy, and vulnerability, and feel the reporting is very concise. Microfocus can be very taxing on resources and can potentially slow processes down considerably.
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"Provides good depth of scanning and we get good results."
"Speed and efficiency are great features."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"The SAST feature is the most valuable."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"We have the option to test applications with or without credentials."
"Being able to scan our applications and identify all codes and defects is an extremely valuable feature."
"The recommendations and frequent updates are the most valuable features of Veracode."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"Static code scanning is the most valuable feature."
"I like Veracode's static analysis. It was one of the core development tools when I worked with a telecommunication company where we were delivering new features for various applications and purposes each week, such as CRM, data channels, compliance, traffic data, etc."
"Veracode's most valuable aspect is continuous integration. It helps us integrate with other applications so that it can monitor the security process."
"What we found most valuable in Veracode is the ability to do automatic scans of our software. We've incorporated the solution into our SDLC process, so we take our builds before they get released and put them through scans to ensure any new vulnerabilities haven't occurred."
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"Takes up a lot of resources which can slow things down."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"They have very good support, but there is always room for improvement."
"There are many false positives identified by the solution."
"The products must provide better integration with build tools."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"There are many times when their product goes to check my code and it dies, and I don't know why. I've contacted support and they're not really helpful with this particular problem. I go to the logs and I look at what I can but I can't tell why the check process has essentially just died in the middle of checking."
"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."
"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."
"There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules."
"The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."
"Veracode can improve the price model and how they bill the final offer to customers. It's based on the amount of traffic. For example, you can buy 1 gigabyte distributed across various applications, and each one can consume part of the whole allotment of traffic data."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
Fortify on Demand is ranked 10th in Application Security Tools with 18 reviews while Veracode is ranked 2nd in Application Security Tools with 70 reviews. Fortify on Demand is rated 7.8, while Veracode is rated 8.2. The top reviewer of Fortify on Demand writes "Seamless integration with various platforms and products, providing a centralized and comprehensive security analysis solutionand". On the other hand, the top reviewer of Veracode writes "Good reporting, comprehensive interface, and integrates well into our build pipeline". Fortify on Demand is most compared with SonarQube, Checkmarx, Fortify WebInspect, Coverity and OWASP Zap, whereas Veracode is most compared with SonarQube, Checkmarx, OWASP Zap, SonarCloud and Snyk. See our Fortify on Demand vs. Veracode report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.