2020-12-17T09:14:00Z

What alternatives are there for Fortify WebInspect and Fortify SCA?

Dear All, 

Can you suggest 2 or 3 products that could compete with:

1. Fortify WebInspect 

2. Fortify Static Code Analyzer

I need suggestions for similar products so I could compare for my consultant project. 
Thanks in advance for the advice.

Regards

PeerSpot user
4 Answers
Russell Rothstein - PeerSpot reviewer
CEO at PeerSpot
Community Manager
2020-12-17T18:26:06Z
Dec 17, 2020

According to the IT Central Station community, the most popular alternatives to Fortify WebInspect are Micro Focus Fortify on Demand, OWASP Zap, PortSwigger Burp, and HCL AppScan. Hope that's helpful!

Dec 21, 2020

@Russell Rothstein Thank you, Russell.

PeerSpot user
CK
Founder & Chairman at Endpoint-labs Cyber Security R&D
Real User
Top 10Leaderboard
2021-02-11T12:09:19Z
Feb 11, 2021

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all-in-one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

TR
Founder at Saltworks Security
Real User
Top 20
2021-01-18T15:02:18Z
Jan 18, 2021

Rendra, 


You need to ask yourself a few questions: 
1. Do I know the technology stack (languages) that needs to be supported? 
2. Do I have access to the Source Code, just Binaries OR Both? 
3. Do I need to support SCA (FOSS)? 
4. Do I need a unified Dashboard for reporting for SAST, DAST & SCA? 
5. What is the size of the experienced team I have to support this? 


For a DAST solution: 
1. What is the size of the experienced team I have to support this? 
2. Do I want the DAST to integrate with other tools (Burp Suite, Metasploit, WAF, etc.)? 
3. Do I want the DAST to automate from a Postman Script, Jenkins Build Server, JIRA, ServiceNow, etc.? 
4. Do I need a unified Dashboard for reporting for SAST, DAST & SCA? 


Instead of asking who can compete with Fortify, it might be better to ask who can complement Fortify OR what did I dislike most about Fortify. Then find some others who will give you a fair and unbiased opinion. 


When you look at the top 4 players in the market being Fortify, Veracode, Checkmarx, Synopsys... what do you see? Then ask why? (Hint... all top leadership and top sales begin at Fortify) 


Hope this helps.

OV
CEO at MergeBase
Vendor
2020-12-18T19:17:15Z
Dec 18, 2020

Fortify Static Code Analyzer is actually NOT an SCA (Software Composition Analysis) tool! It competes more with Checkmarx and Veracode.

TR
Founder at Saltworks Security
Real User
Top 20
Jan 18, 2021

@Oscar Van Der Meer Fortify SCA (Static Code Analyzer) was around way before SCA (Software Composition Analysis). There are various integrations with Software Composition Analysis (Sonatype, Black Duck, Snyk, WhiteSource, and OWASP Dependency Checker & Track). The reason behind it is to allow customers the flexibility to integrate with the tool the line of business chooses within the corporation. 
