We changed our name from IT Central Station: Here's why
Acquisitions Leader at a healthcare company with 10,001+ employees
Real User
Top 5Leaderboard
Outstanding support, efficient API, and one of the best tools for the Shift Left approach
Pros and Cons
  • "It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
  • "It is an extremely robust, scalable, and stable solution."
  • "It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
  • "We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."

What is our primary use case?

We are using it for application security testing. We have microservices and applications within the organization, and the testing is being done on a continuous basis right through the development cycle or the development chain.

We are using its latest version. It is deployed on the cloud and on-premises.

What is most valuable?

It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support.

It is an extremely robust, scalable, and stable solution.

It enhance the quality of code all along the CI/CD pipeline from a security standpoint and enables developers to deliver secure code right from the initial stages.

What needs improvement?

It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers.

It doesn't do software composition analysis. We've asked their product management team to look into that as well.

We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access.

For how long have I used the solution?

I have been using this solution for four years.

What do I think about the stability of the solution?

It is very stable. 

What do I think about the scalability of the solution?

It is very scalable.

How are customer service and technical support?

Their tech support is absolutely outstanding. Their tech support is the most responsive tech support I've ever seen.

How was the initial setup?

It is very straightforward to set up. You can set it up in minutes.

What other advice do I have?

If somebody wants to shift left or integrate security early on in the CI/CD pipeline from a DevOps standpoint, this is probably one of the best tools available.

I would rate Micro Focus Fortify on Demand a nine out of 10. There are three areas for improvement. Once they improve it in those areas, then it would be 10 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
R&D at a tech services company with 51-200 employees
Real User
Effective on-demand feature, easy to use cloud, and great support
Pros and Cons
  • "There is not one feature we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do. We were working with a different solution called SolarCloud previously and it was limited. We are trying to find the right level of security for our needs."

    What is our primary use case?

    We are using Micro Focus Fortify on Demand because in the beginning we were using the on-premise version and it was very limited. We thought we could do everything wanted with the on-premise solution. However, it was not easy to use. 

    We are testing the Micro Focus Fortify on Demand solution to improve security.

    We are using the on-premise version of this solution for the static code for developers. For the dynamic code, we're using Micro Focus Fortify on Demand.

    What is most valuable?

    There is not one feature we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do. We were working with a different solution called SolarCloud previously and it was limited. We are trying to find the right level of security for our needs.

    For how long have I used the solution?

    I have been using Micro Focus Fortify on Demand for approximately eight months.

    How are customer service and support?

    The support is good. Their support is in the Netherlands, sometimes it takes some time for the time zone difference between Latin America and the Netherlands but overall the support is good.

    How was the initial setup?

    The implementation of Micro Focus Fortify on Demand was simple, since it is on the cloud everything is automatic. They give you an account and that is all, you use the product.

    The premise solution is more rentable. However, it is asking for a lot of effort in the implementation, administration, and integration in the pipeline. It takes time until the company comes to the right level to be able to manage this product. Even with the right partners in Latin America that work with us, it took some time.

    What about the implementation team?

    We had partners in Latin America that help us integrate the implementation of the Micro Focus Fortify on Demand.

    What's my experience with pricing, setup cost, and licensing?

    The solution is expensive and the price could be reduced.

    What other advice do I have?

    My advice to others is if you choose Micro Focus Fortify on Demand, it's very simple to use. If they choose the on-premise version for the static code, they will need a person to manage it to be sure that it's integrated with all the pipelines that they developed. 

    I rate Micro Focus Fortify on Demand a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Learn what your peers think about Micro Focus Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
    563,780 professionals have used our research since 2012.
    Raghu Krishna Y
    GM - Technology at a outsourcing company with 10,001+ employees
    Real User
    Top 20
    Effective security analysis, stable, but occasional false positives
    Pros and Cons
    • "The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
    • "We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."

    What is our primary use case?

    We have an application sending service that we are providing to our customers and we are using Micro Focus Fortify on Demand to ensure our applications are secure. 

    What is most valuable?

    The most valuable features are the server, scanning, and it has helped identify issues with the security analysis.

    What needs improvement?

    We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve.

    We are receiving false positives. We then have to repeat the scan even though it is a false positive and tell it to ignore some of those issues. Some of the false positives could be a design issue which we will know, but they keep coming up on the report.

    I have found the processes a bit cumbersome for the developers.

    For how long have I used the solution?

    I have been using this solution for approximately eight years.

    What do I think about the stability of the solution?

    I did not have any problems with the stability of this solution.

    What do I think about the scalability of the solution?

    The scalability is good.

    How are customer service and technical support?

    We did have some issues but we did not contact the technical support of Micro Focus.

    How was the initial setup?

    The initial setup was a medium effort, not too complex. However, the bulk scan uploads took time. Overall it took an average amount of time and it was easy to integrate and work with.

    What's my experience with pricing, setup cost, and licensing?

    The solution is a little expensive.

    What other advice do I have?

    I rate Micro Focus Fortify on Demand a six out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Dheeraj G
    Information Security Engineer at a comms service provider with 501-1,000 employees
    Real User
    Top 20
    Provides a lower number of false positives and is reliable and easy to use
    Pros and Cons
    • "The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
    • "Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."

    What is our primary use case?

    We use it for normal, daily source code reviews and code analysis.

    What is most valuable?

    The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives.

    It is easy to install, and the cost is fair.

    What needs improvement?

    I would like to see easier integration to CI/CD pipelines. The reporting format could be more user friendly so that it is easy to read.

    For how long have I used the solution?

    I've been working with Micro Focus Fortify on Demand for three years.

    What do I think about the stability of the solution?

    There were some issues with it before, but I think they have been fixed now.

    What do I think about the scalability of the solution?

    There were several limitations when I was using it before, but I am sure that they have been fixed by now.

    How are customer service and technical support?

    My experience with technical support has been very good.

    How was the initial setup?

    The initial setup is straightforward and not that complex. We had some support from IT.

    What's my experience with pricing, setup cost, and licensing?

    The price is fair compared to that of other solutions.

    What other advice do I have?

    If you are looking for commercial tools, Micro Focus Fortify on Demand is one of the best tools. It has all the features compared to those of its competitors. It is also within budget, if you're really focusing on security.

    I would rate it at eight on a scale from one to ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Information Security Manager at a tech services company with 501-1,000 employees
    Real User
    Top 5Leaderboard
    Easy to set up, stable and scalable

    What is our primary use case?

    We use Micro Focus Fortify on Demand to access web applications and more.

    What needs improvement?

    Reporting could be improved. It would nice to export to an Excel sheet or another spreadsheet. At the moment, my only option is a PDF. Micro Focus Fortify on Demand is tailored towards more web application APIs, and I would like to see mobile applications added to the next release.

    For how long have I used the solution?

    We've been using Micro Focus Fortify on Demand for almost two years.

    What do I think about the stability of the solution?

    Focus Fortify on Demand is a stable solution.

    What do I think about the scalability of the solution?

    Focus Fortify on Demand is a scalable solution. 

    How was the initial setup?

    The setup and installation…

    What is our primary use case?

    We use Micro Focus Fortify on Demand to access web applications and more.

    What needs improvement?

    Reporting could be improved. It would nice to export to an Excel sheet or another spreadsheet. At the moment, my only option is a PDF.

    Micro Focus Fortify on Demand is tailored towards more web application APIs, and I would like to see mobile applications added to the next release.

    For how long have I used the solution?

    We've been using Micro Focus Fortify on Demand for almost two years.

    What do I think about the stability of the solution?

    Focus Fortify on Demand is a stable solution.

    What do I think about the scalability of the solution?

    Focus Fortify on Demand is a scalable solution. 

    How was the initial setup?

    The setup and installation were straightforward. 

    What other advice do I have?

    On a scale from one to ten, I'll give it an eight.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free Micro Focus Fortify on Demand Report and get advice and tips from experienced pros sharing their opinions.