We performed a comparison between Fortify on Demand and GitHub based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The installation was easy."
"The SAST feature is the most valuable."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"The quality of application security testing reduces risk and gives very few false positives."
"GitHub is pure or open-source; you can access it anywhere. You can have a lot of collateral information. You can make the changes and do the reviews from one place."
"The ease of use is valuable."
"GitHub provides the SFH key to protect our passwords and connection."
"GitHub allows us the option to push files from a non-UA method or directly upload files from the UA. You can integrate GitHub with Jenkins to do CI/CD."
"The most valuable features of GitHub are the ease of integration into Microsoft Azure DevOps. The process that you need to deploy into Microsoft Azure becomes fairly simple and the templates are already available; a lot of the engineers find it easier to use."
"We've found the technical support to be very helpful."
"The solution is scalable."
"The versioning of the code and the tracking of changes are definitely some of my top features."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"The products must provide better integration with build tools."
"There were some regulated compliances, which were not there."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"It would be useful to have tutorial videos within the GitHub dashboard."
"I would like to see more security where a plugin was available for us to update in relation to security."
"I think it would be valuable to have more security. Some of the data is very open to everyone."
"It would be better if the amount of storage were increased."
"The GUI design is poor, so I exclusively use the CLI, which is much easier to use and understand. It would be great to see the GUI updated to be more user-friendly."
"It is difficult to merge a code or restore it to an older version."
"GitHub could expand the limits of the free version."
"The descriptions within GitHub could be more user-friendly to show the trees of Gitflow."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while GitHub is ranked 12th in Application Security Tools with 69 reviews. Fortify on Demand is rated 8.0, while GitHub is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". On the other hand, the top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Tenable.io Web Application Scanning, whereas GitHub is most compared with Snyk, AWS CodeCommit, Bitbucket, Atlassian SourceTree and Checkmarx One.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.