We performed a comparison between Fortify Software Security Center and GitGuardian Platform based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"This is a stable solution at the end of the day."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"You can easily download the tool's rule packs and update them."
"What is particularly helpful is that having GitGuardian show that the code failed a check enables us to automatically pass the resolution to the author. We don't have to rely on the reviewer to assign it back to him or her. Letting the authors solve their own problems before they get to the reviewer has significantly improved visibility and reduced the remediation time from multiple days to minutes or hours. Given how time-consuming code reviews can be, it saves some of our more scarce resources."
"The most valuable feature of GitGuardian is that it finds tokens and passwords. That's why we need this tool. It minimizes the possibility of security violations that we cannot find on our own."
"The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there."
"The breadth of the solution detection capabilities is pretty good. They have good categories and a lot of different types of secrets... it gives us a great range when it comes to types of secrets, and that's good for us."
"The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great."
"It enables us to identify leaks that happened in the past and remediate current leaks as they happen in near real-time. When I say "near real-time," I mean within minutes. These are industry-leading remediation timelines for credential leaks. Previously, it might have taken companies years to get credentials detected or remediated. We can do it in minutes."
"GitGuardian has many features that fit our use cases. We have our internal policies on secret exposure, and our code is hosted on GitLab, so we need to prevent secrets from reaching GitLab because our customers worry that GitLab is exposed. One of the great features is the pre-receive hook. It prevents commits from being pushed to the repository by activating the hook on the remotes, which stops the developers from pushing to the remote. The secrets don't reach GitLab, and it isn't exposed."
"The most valuable feature is the general incident reporting system."
"We are having issues with false positives that need to be resolved."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"Fortify Software Security Center's setup is really painful."
"They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers."
"Automated Jira tickets would be fantastic. At the moment, I believe we have to go in and click to create a Jira ticket. It would be nice to automate."
"We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories."
"An area for improvement is the front end for incidents. The user experience in this area could be much better."
"GitGuardian's hook and dashboard scanners are the two entities. They should work together as one. We've seen several discrepancies where the hook is not being flagged on the dashboard. I still think they need to do some fine-tuning around that. We don't want to waste time."
"GitGuardian could have more detailed information on what software engineers can do. It only provides some highly generic feedback when a secret is detected. They should have outside documentation. We send this to our software engineers, who are still doing the commits. It's the wrong way to work, but they are accustomed to doing it this way. When they go into that ticket, they see a few instructions that might be confusing. If I see a leaked secret committed two years ago, it's not enough to undo that commit. I need to go in there, change all my code to utilize GitHub secrets, and go on AWS to validate my key."
"We have encountered occasional difficulties with the Single Sign-On process."
"It would be nice if they supported detecting PII or had some kind of data loss prevention feature."
Fortify Software Security Center is ranked 27th in Static Application Security Testing (SAST) with 3 reviews while GitGuardian Platform is ranked 6th in Static Application Security Testing (SAST) with 23 reviews. Fortify Software Security Center is rated 7.4, while GitGuardian Platform is rated 9.0. The top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing". On the other hand, the top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". Fortify Software Security Center is most compared with Fortify on Demand, Tricentis Tosca, Checkmarx One and Fortify WebInspect, whereas GitGuardian Platform is most compared with SonarQube, Cycode, GitHub Advanced Security, Snyk and Microsoft Purview Data Loss Prevention. See our Fortify Software Security Center vs. GitGuardian Platform report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.