Fortify Application Defender's most valuable features include real-time data analysis, security defect identification, simple user interface, static code analysis, automatic vulnerability notifications, machine learning algorithms, and rule customization. It integrates easily with code repositories and CI/CD pipelines and offers fast scanning. The tool provides specific application defense, helpful information for issue resolution, and software composition analysis, enhancing security assessments and saving cost and time. Its rule configuration and default code packages are also appreciated.
- "I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
- "The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
- "The product saves us cost and time."
Fortify Application Defender lacks support for older compilers and IDEs, limiting its compatibility with legacy systems. Reviewers also cite performance problems, complex licensing, and inadequate technical support. The tool's false positive rate is high, especially for Python. It lacks support for additional programming languages and platforms like Python and GRAAS. It should integrate better with code review tools and improve scanning speed. Integration with Azure DevOps Marketplace would enhance usability.
- "The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
- "I encountered many false positives for Python applications."
- "The false positive rate should be lower."