We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"The user interface is excellent. It's very user friendly."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"I do not remember any issues with stability."
"The static code analyzers are the most valuable features of this solution."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Micro-services need to be included in the next release."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.