We performed a comparison between Fortify on Demand and GitHub based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It helps deploy and track changes easily as per time-to-time market upgrades."
"The SAST feature is the most valuable."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The solution is very fast."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"The solution is user-friendly."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"GitHub provides good time reduction and this is what I value the most."
"The initial setup was easy."
"Our code is secure."
"The most valuable feature of GitHub is version control and continuous integration."
"GitHub's version control is valuable."
"This product allows us to easily collaborate on development tasks with our subcontractors, and control the workflow as the project progresses."
"The most valuable feature is the fact that it's cloud-based, and we don't have to manage an on-premises server to use it."
"We've found the technical support to be very helpful."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"Takes up a lot of resources which can slow things down."
"Fortify on Demand could be improved with support in Russia."
"There is room for improvement in the integration process."
"The products must provide better integration with build tools."
"We would like this solution to have a more user-friendly interface."
"The descriptions within Github could be more user-friendly to show the trees of Gitflow."
"I would want to see some form of code security scanning implemented."
"This solution could be improved if migration was fully automated to make it easy, for example, to migrate repositories into GitHub."
"The user interface on GitLab is better."
"There can be conflict issues when two developers work on the same file or line of code, and it would be great to see that improved, possibly with an AI solution."
"GitHub could have better integration or capability with other solutions."
"From the recruiting standpoint, I would like to see email IDs and phone numbers and a brief introduction about their profile."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while GitHub is ranked 10th in Application Security Tools with 64 reviews. Fortify on Demand is rated 8.0, while GitHub is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and Tenable.io Web Application Scanning, whereas GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree, Bitbucket and Checkmarx One. See our Fortify on Demand vs. GitHub report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.