Try our new research platform with insights from 80,000+ expert users
Fortify on Demand Logo

Fortify on Demand pros and cons

Vendor: OpenText
4.0 out of 5
4,184 followers
Post review

Pros & Cons summary

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Fortify on Demand offers comprehensive application security testing, reducing risk and producing few false positives.
It integrates seamlessly with popular tools like Micro Focus WebInspect and code analysis tools, connecting directly with error tracking systems such as TFS and JIRA.
Users appreciate the ability to perform security scanning during the development process, helping to identify and mitigate vulnerabilities early.
Fortify on Demand extends its capabilities by supporting a wide range of programming languages and being well-suited for environments like microservices.
The platform's strong points include detailed vulnerability reports and efficient management of security scans, which users find effective in maintaining code integrity.

CONS

Fortify on Demand lacks integration with GitHub and GitLab, which is valuable in continuous integration environments.
Technical support needs improvement; response times are slow, and communication suffers from the effects of company acquisitions.
There is a dependency on Microsoft technologies, like .NET and Visual Studio, limiting flexibility in different development environments.
Reports are not user-friendly and would benefit from being more intuitive, with enhanced analytic views for strategic insights.
Fortify on Demand frequently identifies false positives, affecting the reliability of vulnerability assessments.
 

Fortify on Demand Pros review quotes

Jonathan Steyn - PeerSpot reviewer
Aug 12, 2024
The source code analyzer is the most effective for identifying security vulnerabilities.
reviewer1050960 - PeerSpot reviewer
May 15, 2019
The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it.
CP
Jul 6, 2023
Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases.
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
817,234 professionals have used our research since 2012.
DV
Dec 16, 2020
One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that.
reviewer1078392 - PeerSpot reviewer
Dec 6, 2020
Being able to reduce risk overall is a very valuable feature for us.
reviewer1263261 - PeerSpot reviewer
Jan 12, 2020
The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira.
JM
Aug 14, 2018
One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed.
Jayashree Acharyya - PeerSpot reviewer
Sep 8, 2021
Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning.
it_user625875 - PeerSpot reviewer
Oct 28, 2018
I do not remember any issues with stability.
FC
Jan 28, 2021
The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation.
 

Fortify on Demand Cons review quotes

Jonathan Steyn - PeerSpot reviewer
Aug 12, 2024
The cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions.
reviewer1050960 - PeerSpot reviewer
May 15, 2019
Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse.
CP
Jul 6, 2023
Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify.
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
817,234 professionals have used our research since 2012.
DV
Dec 16, 2020
During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us.
reviewer1078392 - PeerSpot reviewer
Dec 6, 2020
They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it.
reviewer1263261 - PeerSpot reviewer
Jan 12, 2020
This solution would be improved if the code-quality perspective were added to it, on top of the security aspect.
JM
Aug 14, 2018
It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers.
Jayashree Acharyya - PeerSpot reviewer
Sep 8, 2021
Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve.
it_user625875 - PeerSpot reviewer
Oct 28, 2018
There were some regulated compliances, which were not there.
FC
Jan 28, 2021
There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes.