Find out what your peers are saying about Veracode, OpenText, Checkmarx and others in Static Code Analysis.
Migrating to GitLab is bringing time-saving benefits, and everything is easier to automate.
We have saved time significantly, reducing deployment time from four hours to five minutes per deployment.
The customer service and support for Fortify Static Code Analyzer are better than those for LoadRunner.
The technical support has been good because we always received answers to our questions.
We have rarely needed to escalate issues to technical support since GitLab usually runs seamlessly.
I have interacted with architects for some advice during the implementation, and they were prompt in their response.
I have had meetings where they taught me, explained things, and provided guidance for starting from scratch.
Fortify Static Code Analyzer integrates well and is scalable.
It has all the features required for our coding and deployment needs, which makes it scalable to our changing requirements.
We're transitioning to OpenShift for future scalability with increased user numbers.
For scaling, other deployment options from GitLab's side need to be adopted.
The stability of Fortify Static Code Analyzer is generally good.
I would rate the product stability as an eight.
I have not encountered any performance or stability issues with GitLab so far.
The updates are frequent and demanding, happening at least once a week due to security reasons.
We would appreciate if the AI could give us more information about improvements and reduce the number of false positives, but this solution doesn't have this function yet.
It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers.
It would be really helpful to include trending vulnerabilities and how to manage them.
It would be beneficial to have a user-friendly interface for setting up these configurations, instead of just writing YAML files.
It is essential to conduct proper testing, such as unit tests and code coverage, within the SDLC pipelines.
GitLab can improve its user interface to make conflict resolution more user-friendly.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs.
My experience with the pricing, setup costs, and licensing has been good.
Even when working in other small organizations, we opted for GitLab as it was cost-efficient.
The pricing of GitLab is reasonable, aligning with what I consider to be average compared to competitors.
The price is high, and it limits user accessibility.
Fortify Static Code Analyzer has the capability of giving fewer false positives compared to other tools.
The most valuable feature of Fortify Static Code Analyzer is its extensive language support, covering many languages from legacy ones to the newest.
The most impactful feature of Fortify Static Code Analyzer in identifying vulnerabilities is the ratio of total number of vulnerabilities to false positives.
As we implement automated testing and DevSecOps, it speeds up the process by forty to sixty percent.
The Ultimate version offers enhanced features for security scanning through DAST and SAST analysis, which have greatly benefitted our project workflow.
By integrating GitLab as a DevOps platform, we have enhanced agility, improved our time to market, and different teams can work collaboratively on various projects.
Fortify Static Code Analyzer (SCA) utilizes numerous algorithms in addition to a dynamic intelligence base of secure coding protocols to investigate an application’s source code for any potential risk of malicious or dangerous threats. Additionally, the solution will prioritize the most critical concerns and give direction on how users can repair those concerns. This solution researches each and every potential route that workflow and data can travel to discover and repair all possible vulnerabilities. Fortify SCA allows users to create safe and secure software quickly. Users are able to discover potential security gaps more quickly with precise outcomes and repair them immediately.
Fortify Static Code Analyzer Benefits
Fortify Static Code Analyzer Features
Results from Real Users
“Fortify Static Code Analyzer tells us if there are any security leaks or not. If there are, then it's notifying us and does not allow us to pass the DevOps pipeline. If it finds everything's perfect, as per our given guidelines, then it is allowing us to go ahead and start it, and we are able to deploy it.” - Arun D., Senior Architect at a healthcare company.
“Its flexibility is most valuable. It is such a flexible tool. It can be implemented in a number of ways. It can do anything you want it to do. It can be fully automated within a DevOps pipeline. It can also be used in an ad hoc, special test case scenario and anywhere in between.” - Tom H., Director of Security at Merito
GitLab is a complete DevOps platform that enables teams to collaborate and deliver software faster.
It provides a single application for the entire DevOps lifecycle, from planning and development to testing, deployment, and monitoring.
With GitLab, teams can streamline their workflows, automate processes, and improve productivity.
We monitor all Static Code Analysis reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
