We performed a comparison between Micro Focus Fortify on Demand and SonarCloud based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The SAST feature is the most valuable."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"The vulnerability detection and scanning are awesome features."
"The user interface is good."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"The reports from SonarCloud are very good."
"The most valuable feature of SonarCloud is its overall performance."
"The solution can be installed locally."
"For what it is meant to do, it works pretty well."
"We have some stability issues, but they are minimal."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"I would like the solution to add AI support."
"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"We had some issues with the scanner."
"It would be helpful if notifications could go out to an extra person."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"The reports could improve by providing more information. We are not able to use the reports in our operation until they are improved. Additionally, if the vendor provided more customization capabilities it would be a benefit."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
More Micro Focus Fortify on Demand Pricing and Cost Advice →
Micro Focus Fortify on Demand is ranked 7th in Application Security Testing (AST) with 19 reviews while SonarCloud is ranked 11th in Application Security Testing (AST) with 6 reviews. Micro Focus Fortify on Demand is rated 7.8, while SonarCloud is rated 8.2. The top reviewer of Micro Focus Fortify on Demand writes "High performance, useful security scanning, but cannot operate from a Linux Agent". On the other hand, the top reviewer of SonarCloud writes "It helps us detect vulnerabilities, but the integration with other tools in the CI/CD pipeline could be better". Micro Focus Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx, Fortify WebInspect and Coverity, whereas SonarCloud is most compared with SonarQube, Veracode, Checkmarx, OWASP Zap and Qualys Web Application Scanning. See our Micro Focus Fortify on Demand vs. SonarCloud report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
