Fortify on Demand vs Veracode comparison

Cancel
You must select at least 2 products to compare!
OpenText Logo
12,968 views|9,181 comparisons
Veracode Logo
28,835 views|19,575 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Oct 19, 2022

We performed a comparison between MicroFocus Fortify on Demand and Veracode based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.

  • Ease of Deployment: For the most part, users say both solutions are neither complex nor overly straightforward to deploy.
  • Features: Users say Micro Focus on Demand provides concise and easy to understand test results and reports, it has very simple and efficient API support, and it is a very easy tool for developers to use while they're doing the coding. Many users would like to see more interactive application security and improved integration with other platforms.

    Veracode is SaaS hosted, which many users feel makes it very convenient and easy to use. Users like that the solution allows static analysis and dynamic analysis on a scheduled basis. Some users feel the UI can be slow and needs to be improved, and would like to have options to better control how email alerts are received.
  • Pricing: Users of both solutions tell us the pricing is a bit expensive.
  • Service and Support: Users of both solutions feel the service and support they receive are very good.

Comparison Results: Veracode nudges ahead of Microfocus Fortify on Demand in this comparison. Veracode users feel the solution enables them to analyze every security flaw, discrepancy, and vulnerability, and feel the reporting is very concise. Microfocus can be very taxing on resources and can potentially slow processes down considerably.

To learn more, read our detailed Fortify on Demand vs. Veracode Report (Updated: September 2023).
734,963 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place.""Provides good depth of scanning and we get good results.""Speed and efficiency are great features.""There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do.""The SAST feature is the most valuable.""The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues.""Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support.""We have the option to test applications with or without credentials."

More Fortify on Demand Pros →

"Being able to scan our applications and identify all codes and defects is an extremely valuable feature.""The recommendations and frequent updates are the most valuable features of Veracode.""I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them.""Static code scanning is the most valuable feature.""I like Veracode's static analysis. It was one of the core development tools when I worked with a telecommunication company where we were delivering new features for various applications and purposes each week, such as CRM, data channels, compliance, traffic data, etc.""Veracode's most valuable aspect is continuous integration. It helps us integrate with other applications so that it can monitor the security process.""What we found most valuable in Veracode is the ability to do automatic scans of our software. We've incorporated the solution into our SDLC process, so we take our builds before they get released and put them through scans to ensure any new vulnerabilities haven't occurred.""It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."

More Veracode Pros →

Cons
"Takes up a lot of resources which can slow things down.""There are lots of limitations with code technology. It cannot scan .net properly either.""In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports.""They have very good support, but there is always room for improvement.""There are many false positives identified by the solution.""The products must provide better integration with build tools.""Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify.""Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."

More Fortify on Demand Cons →

"There are many times when their product goes to check my code and it dies, and I don't know why. I've contacted support and they're not really helpful with this particular problem. I go to the logs and I look at what I can but I can't tell why the check process has essentially just died in the middle of checking.""I've found that Veracode is not particularly suitable for Dynamic Application Security Testing.""It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount.""There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules.""The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced.""I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use.""Veracode can improve the price model and how they bill the final offer to customers. It's based on the amount of traffic. For example, you can buy 1 gigabyte distributed across various applications, and each one can consume part of the whole allotment of traffic data.""There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."

More Veracode Cons →

Pricing and Cost Advice
  • "The solution is expensive and the price could be reduced."
  • "The pricing model it's based on how many applications you wish to scan."
  • "Micro Focus Fortify on Demand licenses are managed by our IT team and the license model is user-based."
  • "Fortify on Demand is affordable, and its licensing comes with a year of support."
  • "There are different costs for Micro Focus Fortify on Demand depending on the assessments you want to use. There is only a standard license needed to use the solution."
  • "Fortify on Demand is moderately priced, but its pricing could be more flexible."
  • "I believe the rental license is not too expensive, but it provides a lot of information about the vulnerabilities."
  • "I'd rate it an eight out of ten in terms of pricing."
  • More Fortify on Demand Pricing and Cost Advice →

  • "From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
  • "The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
  • "It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year."
  • "The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
  • "There is a fee to scale up the solution which I consider expensive."
  • "I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution."
  • "I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing."
  • "There are no setup or implementation charges. They offer a free trial and free consulting services... The price depends on your requirements, your source code sizes, and how complicated your source code is."
  • More Veracode Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    734,963 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:We were on a subscription-based model. The subscription was expiring in December 2022, and we have decided not to renew it for this year.
    Top Answer:The products must provide better integration with build tools. In SonarQube scans, the pull requests are decorated. I don't know if it is a missing integration or a limitation, but I don't see the… more »
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Top Answer:The SAST and DAST modules are great.
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Ranking
    Views
    12,968
    Comparisons
    9,181
    Reviews
    19
    Average Words per Review
    382
    Rating
    7.8
    Views
    28,835
    Comparisons
    19,575
    Reviews
    61
    Average Words per Review
    1,127
    Rating
    8.1
    Comparisons
    Also Known As
    Micro Focus Fortify on Demand
    Learn More
    Overview

    Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.

    Fortify on Demand Features

    Fortify on Demand has many valuable key features. Some of the most useful ones include:

    • Deployment flexibility
    • Scalability
    • Built for DevSecOps
    • Ease of use
    • Supports 27+ languages
    • Real-time vulnerability identification with
    • Security Assistant
    • Actionable results in less than 1 hour for most applications with DevOps automation
    • Expanded coverage, accuracy and remediation details with IAST runtime agent
    • Continuous application monitoring of production applications
    • Virtual patches
    • Supports iOS and Android mobile applications
    • Security vulnerability identification
    • Behavioral and reputation analysis

    Fortify on Demand Benefits

    There are several benefits to implementing Fortify on Demand. Some of the biggest advantages the solution offers include:

    • Fast remediation: With Fortify on Demand you can achieve fast remediation throughout the software lifecycle with robust assessments by a team of security experts.
    • Easy integration: The solution’s integration ecosystem is easy to use, creating a more secure software supply chain.
    • Security testing: Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management, in addition to static and dynamic testing.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortify on Demand solution.

    Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”

    A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”

    Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”

    A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”

    PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Offer
    Learn more about Fortify on Demand
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Sample Customers
    SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Financial Services Firm37%
    Computer Software Company15%
    Retailer11%
    Energy/Utilities Company7%
    VISITORS READING REVIEWS
    Financial Services Firm19%
    Computer Software Company15%
    Government9%
    Manufacturing Company9%
    REVIEWERS
    Financial Services Firm27%
    Computer Software Company18%
    Insurance Company9%
    Comms Service Provider5%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company16%
    Manufacturing Company8%
    Government7%
    Company Size
    REVIEWERS
    Small Business27%
    Midsize Enterprise12%
    Large Enterprise62%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise10%
    Large Enterprise73%
    REVIEWERS
    Small Business29%
    Midsize Enterprise19%
    Large Enterprise52%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise71%
    Buyer's Guide
    Fortify on Demand vs. Veracode
    September 2023
    Find out what your peers are saying about Fortify on Demand vs. Veracode and other solutions. Updated: September 2023.
    734,963 professionals have used our research since 2012.

    Fortify on Demand is ranked 10th in Application Security Tools with 18 reviews while Veracode is ranked 2nd in Application Security Tools with 70 reviews. Fortify on Demand is rated 7.8, while Veracode is rated 8.2. The top reviewer of Fortify on Demand writes "Seamless integration with various platforms and products, providing a centralized and comprehensive security analysis solutionand". On the other hand, the top reviewer of Veracode writes "Good reporting, comprehensive interface, and integrates well into our build pipeline". Fortify on Demand is most compared with SonarQube, Checkmarx, Fortify WebInspect, Coverity and OWASP Zap, whereas Veracode is most compared with SonarQube, Checkmarx, OWASP Zap, SonarCloud and Snyk. See our Fortify on Demand vs. Veracode report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.