Try our new research platform with insights from 80,000+ expert users

Fortify Application Defender Room for Improvement

VS
CTO at Abcl

The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time.

View full review »
AS
Senior Security Analyst (AppSec) at ELETROBRAS

I encountered many false positives for Python applications. 

View full review »
Saroj-Patnaik - PeerSpot reviewer
Software Development Engineer 3 at a consultancy with 10,001+ employees

Fortify Application Defender gives a lot of false positives and would be improved by using rule-based scanning to reduce this.

View full review »
Buyer's Guide
Application Security Tools
June 2025
Find out what your peers are saying about OpenText, Sonar, Checkmarx and others in Application Security Tools. Updated: June 2025.
859,957 professionals have used our research since 2012.
HisaoOgata - PeerSpot reviewer
Department Manger at Hitachi Channel

The product does not work well with Java coding. The false positive rate should be lower. The product should introduce more licensing models and reduce the licensing cost.

View full review »
WW
System Quality Assurance Manager at AIS - Advanced Info Services Plc.

The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours.

In an upcoming release, they could improve how they apply the automation.

View full review »
TH
Director of Security at Merito

The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java. They need better support for applications written in Python or more advanced web service-type implementations. Better support for other architectures is critical.

Technical support needs to be improved.

It would be helpful to include agent deployment as part of the Azure DevOps marketplace. This would make it really easy for customers to get this plugin and install it within their application centers.

View full review »
DP
DevOps Engineer at a energy/utilities company with 10,001+ employees

There are a couple of vulnerabilities not covered by the solution and we are working on how we can improve on these things. An example of this is when we have a static value that is stored in a database. We need to use a workaround when a value is not exposed directly to the code base, where we check that code dynamically.

The workbench is a little bit complex when you first start using it.

View full review »
reviewer1142943 - PeerSpot reviewer
Business Development Specialist at a computer software company with 11-50 employees

The licensing can be a little complex.

View full review »
GM
Assistant Consultant at a logistics company with 10,001+ employees

The solution is quite expensive.

There could be little improvements made in the solution's performance, reporting, management, interface, dashboard, etc. 

Their level of support could also be better.  They should be more qualified and quicker to respond, for example. 

It would be beneficial if the dashboard integrated with JIRA.

View full review »
BD
Principle Engineer at MTSI

Support for older compilers/IDEs is lacking. Many developers are still using environments that are known for having security issues. For example, Visual Studio 2005, 2008, and older, gcc 1.x, etc. are still being used. However, we cannot analyze a project using these older compilers because they are no longer supported by Fortify. If I can't find security issues injected by the development environment because I'm forced to use a newer compiler, then I cannot make recommendations to use an updated compiler. This is a particularly thorny issue wherein development environments of mission critical systems do not change and yet we need to recommend usage of newer development environments.

View full review »
KP
Senior Manager Technical Operations at NeuStar

Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy.

View full review »
Buyer's Guide
Application Security Tools
June 2025
Find out what your peers are saying about OpenText, Sonar, Checkmarx and others in Application Security Tools. Updated: June 2025.
859,957 professionals have used our research since 2012.