We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"This product is top-notch solution and the technology is the best on the market."
"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The static code analyzers are the most valuable features of this solution."
"Fortify on Demand is easy to use and the reporting is good."
"What stands out to me is the user-friendliness of each feature."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"It was easy to set up."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"It provides a better integration for our ecosystem."
"Takes up a lot of resources which can slow things down."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"There is room for improvement in the integration process."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"There is room for improvement in the pricing model."
"It has crashed at times."
"The solution could improve by having a mobile version."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The product has some technical limitations."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while HCL AppScan is ranked 15th in Application Security Tools with 40 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Fortify WebInspect. See our Fortify on Demand vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.