We performed a comparison between CAST Highlight and Fortify on Demand based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"The most valuable features of CAST Highlight are automation and speed."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"It offers good performance."
"CAST Highlight is easy to use and has a good dashboard."
"Provides good depth of scanning and we get good results."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"Audit workbench: for on-the-fly defect auditing."
"Fortify on Demand can be scaled very easily."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"I do not remember any issues with stability."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"There's a bit of a learning curve at the outset."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The ease of configuration and customization could be improved in CAST Highlight."
"We have some stability issues, but they are minimal."
"They have very good support, but there is always room for improvement."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"Fortify on Demand needs to improve its pricing."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"They could provide features for artificial intelligence similar to other vendors."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews. CAST Highlight is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". CAST Highlight is most compared with SonarQube, Snyk, Veracode, Black Duck and Checkmarx One, whereas Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect. See our CAST Highlight vs. Fortify on Demand report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.