We performed a comparison between Fortify on Demand and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Audit workbench: for on-the-fly defect auditing."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"I do not remember any issues with stability."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"The solution is very fast."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"The solution is scalable."
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"We can take some measures to improve things, replace a library, or update a library which was too old or showed severe bugs."
"It gives us full visibility into what we're using, what needs to be updated, and what's vulnerable, which helps us make better decisions."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"Mend has reduced our open-source software vulnerabilities and helped us remediate issues quickly. My company's policy is to ensure that vulnerabilities are fixed before it gets to production."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"The products must provide better integration with build tools."
"They have very good support, but there is always room for improvement."
"There were some regulated compliances, which were not there."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"They could provide features for artificial intelligence similar to other vendors."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"The initial setup could be simplified."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"Make the product available in a very stable way for other web browsers."
"The solution lacks the code snippet part."
"Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Fortify on Demand is rated 8.0, while Mend.io is rated 8.4. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and Invicti, whereas Mend.io is most compared with SonarQube, Black Duck, Snyk, Checkmarx One and Coverity. See our Fortify on Demand vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.