Fortify on Demand and SonarQube Server are leading products in the software security and code quality domains. Fortify on Demand has an edge with its strong security integration throughout the development lifecycle, while SonarQube Server is preferred for its code quality and CI/CD pipeline integration.
Features: Fortify on Demand provides broad language support, robust API integration, and effective scanning capabilities. It delivers advanced security insights during the software development lifecycle. SonarQube Server is known for its open-source nature, extensive language coverage, and smooth integration with CI/CD pipelines, which enhances code quality and maintainability.
Room for Improvement: Fortify on Demand users face integration and reporting challenges, with demands for a more comprehensive enterprise-level analysis and faster scanning. Improved false positive handling and richer customization options are also desired. SonarQube Server could enhance its security scanning functionality and provide better support for modern web technologies, along with reducing false positives. There is also potential for advancement in dynamic scanning and improved multi-language support.
Ease of Deployment and Customer Service: Fortify on Demand offers deployment options in on-premises, cloud, and hybrid models, with some users experiencing slower customer support. SonarQube Server’s open-source nature requires more setup effort, and while adequate, the technical support feedback indicates gaps in documentation and community assistance.
Pricing and ROI: Fortify on Demand is considered pricey but justified by its feature set and its impact on reducing security incidents. Different licensing models could benefit from subscription flexibility. SonarQube Server provides a compelling pricing model with free community editions and affordable paid versions, making it accessible for organizations focusing on code quality while additional plugins may increase costs.
Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.
Fortify on Demand Features
Fortify on Demand has many valuable key features. Some of the most useful ones include:
Fortify on Demand Benefits
There are several benefits to implementing Fortify on Demand. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortify on Demand solution.
Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”
A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”
Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”
A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”
PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
SonarQube Server enhances code quality and security via static code analysis. It detects vulnerabilities, improves standards, and reduces technical debt, integrating into CI/CD pipelines.
SonarQube Server is a comprehensive tool for enhancing code quality and security. It offers static code analysis to identify vulnerabilities, improve coding standards, and reduce technical debt. By integrating into CI/CD pipelines, it provides automated checks for adherence to best practices. Organizations use it for code inspection, security testing, and compliance, ensuring development environments with better maintainability and fewer issues.
What are the key features of SonarQube Server?Many industries implement SonarQube Server to uphold coding standards, maintain security protocols, and streamline their software development lifecycle. In sectors like finance and healthcare, adhering to regulations and ensuring reliable software is critical, making SonarQube Server invaluable. It is often integrated into CI/CD pipelines, ensuring that code changes meet set standards before deployment. This approach enhances productivity and maintains compliance with industry-specific requirements.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.