"The most valuable feature is the static analysis."
"The user interface is ok and it is very simple to use."
"It is scalable and very easy to use."
"The solution is easy to use."
"The accuracy of its scans is great."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"It's a stable and scalable solution."
"Fortify on Demand is easy to use and the reporting is good."
"Being able to reduce risk overall is a very valuable feature for us."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"Lately, we've seen more false negatives."
"Creating reports is very slow and it is something that should be improved."
"The scanner could be better."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"Reporting could be improved."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
More Micro Focus Fortify on Demand Pricing and Cost Advice →
Fortify WebInspect is ranked 10th in Application Security Testing (AST) with 7 reviews while Micro Focus Fortify on Demand is ranked 4th in Application Security Testing (AST) with 14 reviews. Fortify WebInspect is rated 7.0, while Micro Focus Fortify on Demand is rated 8.0. The top reviewer of Fortify WebInspect writes "Good reporting and vulnerability management, but needs better performance and resource utilization". On the other hand, the top reviewer of Micro Focus Fortify on Demand writes "Makes it easy to discover hidden vulnerabilities in our open source libraries". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, OWASP Zap, Veracode, HCL AppScan and Qualys Web Application Scanning, whereas Micro Focus Fortify on Demand is most compared with SonarQube, Checkmarx, Veracode, Coverity and HCL AppScan. See our Fortify WebInspect vs. Micro Focus Fortify on Demand report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
