IT Central Station is now PeerSpot: Here's why

Micro Focus Fortify on Demand Room for Improvement

DV
Senior System Analyst at Azurian

During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us.

Similarly, I would love to see some kind of tracing solution for use in stress testing. So when we stress the application on a certain page or on a certain platform, we would be able to see a complete stress test report which could quickly tell us about weak points or failures in the application. 

Further potential for improvement is that, when we deploy our Java WAR files for review in the QA area, we want to be able to create a report in Fortify on Demand right from within this deployment stage. So it might inspect or check the solution's Java WAR package directly and come up with a report in this crucial phase of QA. 

View full review »
RC
Security Systems Analyst at a retailer with 5,001-10,000 employees

They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it.

View full review »
Jayashree Acharyya - PeerSpot reviewer
Executive Manager at PepsiCo

Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve.

Currently, when we are running a security scan or Azure DevOps pipeline Micro Focus Fortify on Demand will give an overall status. People have to click on the link to read the in-depth results. If there could be some output of the report that can be passed in the pipeline and based on that we can control the next step of the pipeline. For example, if Micro Focus Fortify on Demand is saying the report is critical, do not go any further. If we can have that critical variable as a pipeline output that can be used later it would be really helpful.

View full review »
Buyer's Guide
Micro Focus Fortify on Demand
June 2022
Learn what your peers think about Micro Focus Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
610,190 professionals have used our research since 2012.
Fernando Carlos - PeerSpot reviewer
Project Manager at Everis

There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes.

The initial setup is a bit complex.

We could have more detailed documentation. They could offer some quick start or some extra guidance regarding the implementation.

I'd like to see more interactive application security And more IDE integration and integration with VS Code and Eclipse. I would like to see more features of this kind.

View full review »
LM
Principal Solutions Architect at a security firm with 11-50 employees

It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available.

View full review »
Mamta Jha - PeerSpot reviewer
Co-Founder at TechScalable

In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication.

They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful.

View full review »
AP
Project Analyst at a financial services firm with 1,001-5,000 employees

It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. 

They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team.

View full review »
JP
Production Manager for Nearshore SWaT at a computer software company with 10,001+ employees

The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools.

View full review »
Harkamal-Singh - PeerSpot reviewer
Solution architect at NTT

Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly.

View full review »
SS
Acquisitions Leader at a healthcare company with 10,001+ employees

It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers.

It doesn't do software composition analysis. We've asked their product management team to look into that as well.

We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access.

View full review »
Yash Brahmani - PeerSpot reviewer
Devops Engineer at BNP Paribas

The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE. 

That will help us understand what's affecting the CVE. Initially, it's about finding the safer package version. Fortify should automatically recommend the safest version, so we can go to the vendor and request that. Once we identify the vulnerability, we can implement a remediation plan.

View full review »
Raghu Krishna Y - PeerSpot reviewer
GM - Technology at a outsourcing company with 10,001+ employees

We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve.

We are receiving false positives. We then have to repeat the scan even though it is a false positive and tell it to ignore some of those issues. Some of the false positives could be a design issue which we will know, but they keep coming up on the report.

I have found the processes a bit cumbersome for the developers.

View full review »
Dheeraj G - PeerSpot reviewer
Information Security Engineer at a comms service provider with 501-1,000 employees

I would like to see easier integration to CI/CD pipelines. The reporting format could be more user friendly so that it is easy to read.

View full review »
RB
Security Information Manager at a tech services company with 10,001+ employees

In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise.

In the next release, we need more reports and more analytic views for all the  applications. There is no enterprise view in Fortify. I would like enterprise views and reports.

View full review »
Omar Abdelhamied Ahmed - PeerSpot reviewer
Financial Analyst at Arab Investment Bank

I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple.

View full review »
OO
Information Security Manager at a tech services company with 501-1,000 employees

Reporting could be improved. It would nice to export to an Excel sheet or another spreadsheet. At the moment, my only option is a PDF.

Micro Focus Fortify on Demand is tailored towards more web application APIs, and I would like to see mobile applications added to the next release.

View full review »
Prasenjit Roy - PeerSpot reviewer
Sr. Cloud Solution Architect - SAP on Azure at Accenture

There are lots of limitations with code technology. It cannot scan .net properly either.

View full review »
Buyer's Guide
Micro Focus Fortify on Demand
June 2022
Learn what your peers think about Micro Focus Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
610,190 professionals have used our research since 2012.