Used for multiple environments, compilers, and operating systems, including Altera, Xilinx, Linux, Windows, and cross-compiler environments.
Its ability to find security defects is valuable. However, support for older compilers/IDEs is lacking.
Pros and Cons
- "Its ability to find security defects is valuable."
- "Support for older compilers/IDEs is lacking."
What is our primary use case?
How has it helped my organization?
It is a good product when support for environments is included. It finds several items and is also good at not reporting false positives.
What is most valuable?
Its ability to find security defects is valuable. The elimination of security defects is my top priority. Of secondary importance is finding coding defects.
What needs improvement?
Support for older compilers/IDEs is lacking. Many developers are still using environments that are known for having security issues. For example, Visual Studio 2005, 2008, and older, gcc 1.x, etc. are still being used. However, we cannot analyze a project using these older compilers because they are no longer supported by Fortify. If I can't find security issues injected by the development environment because I'm forced to use a newer compiler, then I cannot make recommendations to use an updated compiler. This is a particularly thorny issue wherein development environments of mission critical systems do not change and yet we need to recommend usage of newer development environments.
Buyer's Guide
Application Security Tools
December 2024
Find out what your peers are saying about OpenText, Sonar, Checkmarx and others in Application Security Tools. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant Consultant at a logistics company with 10,001+ employees
Helped us to improve the code quality of our organization
Pros and Cons
- "The solution helped us to improve the code quality of our organization."
- "The solution is quite expensive."
What is our primary use case?
We use the solution for static code analysis. We do static code analysis on our application project code and we use the solution to check the product quality.
How has it helped my organization?
The solution helped us to improve the code quality of our organization.
What needs improvement?
The solution is quite expensive.
There could be little improvements made in the solution's performance, reporting, management, interface, dashboard, etc.
Their level of support could also be better. They should be more qualified and quicker to respond, for example.
It would be beneficial if the dashboard integrated with JIRA.
For how long have I used the solution?
I've been using the solution for a few months.
What do I think about the stability of the solution?
The solution is very stable. We find it pretty robust.
What do I think about the scalability of the solution?
We used it for more than 70-80 products for doing standard code analysis and the scalability was pretty good. We didn't see any performance issues.
How are customer service and technical support?
Technical support is pretty helpful.
How was the initial setup?
The initial setup is pretty straightforward. You need less than three people to maintain the solution after implementation.
What other advice do I have?
We've been using the private cloud deployment model.
If you need a huge impact, a business impact, then I think I would recommend HP Fortify. However, if a user is looking for a small scale application with less business impact, I would go with a free solution.
I would rate the solution ten out of ten. Aside from the cost, the application is pretty good.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager Technical Operations at NeuStar
Useful default coding languages, reliable, but more coding languages needed
Pros and Cons
- "The most valuable features of Fortify Application Defender are the code packages that are default."
- "Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
What is most valuable?
The most valuable features of Fortify Application Defender are the code packages that are default.
What needs improvement?
Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy.
For how long have I used the solution?
I have been using Fortify Application Defender for approximately four years.
What do I think about the stability of the solution?
Fortify Application Defender is a stable solution.
What do I think about the scalability of the solution?
The scalability of Fortify Application Defender is good.
How are customer service and support?
I have not used technical support but I have some good feedback.
Which solution did I use previously and why did I switch?
I have not used another similar solution to Fortify Application Defender.
What other advice do I have?
Fortify Application Defender has a few drawbacks, it has its own pros and cons, but it's a good tool to use in any industry.
I would recommend this solution to others.
I rate Fortify Application Defender a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner