How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
We use Fortify Application Defender for scanning our whole repository source code for security. We have more than 4,000 repositories in our company.
I do not use this product personally. Rather, I implement it for other people. The general use case is application-specific threat blocking. Most of our customers use it as an augment to their WAF.
We use this solution for inspecting our security, such as checking to see if our developers are securing their code properly. For example, we have to ensure that they are not inadvertently exposing any IP addresses or passwords. We have to be cautious because most of our applications are related to banking and the financial domain. Fortify Application Defender accomplishes this by performing source code analysis, and it scans using agents. The source code check involves static code analysis to see if things like passwords are exposed.
We use the solution for static code analysis. We do static code analysis on our application project code and we use the solution to check the product quality.
Used for multiple environments, compilers, and operating systems, including Altera, Xilinx, Linux, Windows, and cross-compiler environments.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
Let the community know what you think. Share your opinions now!