Try our new research platform with insights from 80,000+ expert users
Fortify on Demand Logo

Fortify on Demand pros and cons

Vendor: OpenText
4.0 out of 5
4,184 followers
Post review

Pros & Cons summary

Fortify on Demand offers robust application security testing with minimal false positives, enhancing risk reduction. Integrated with modern development environments and defect tracking tools, it supports seamless workflows. The ability to perform efficient static and dynamic code analysis aids in early vulnerability detection. Users appreciate its scalable, ease-of-use cloud-based deployment. However, code scanning is time-consuming, and reports need improvement. Slow technical support response and integration issues with third-party tools like GitHub impact usability.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Fortify on Demand offers comprehensive application security testing, reducing risk and producing few false positives.
It integrates seamlessly with popular tools like Micro Focus WebInspect and code analysis tools, connecting directly with error tracking systems such as TFS and JIRA.
Users appreciate the ability to perform security scanning during the development process, helping to identify and mitigate vulnerabilities early.
Fortify on Demand extends its capabilities by supporting a wide range of programming languages and being well-suited for environments like microservices.
The platform's strong points include detailed vulnerability reports and efficient management of security scans, which users find effective in maintaining code integrity.

CONS

Fortify on Demand lacks integration with GitHub and GitLab, which is valuable in continuous integration environments.
Technical support needs improvement; response times are slow, and communication suffers from the effects of company acquisitions.
There is a dependency on Microsoft technologies, like .NET and Visual Studio, limiting flexibility in different development environments.
Reports are not user-friendly and would benefit from being more intuitive, with enhanced analytic views for strategic insights.
Fortify on Demand frequently identifies false positives, affecting the reliability of vulnerability assessments.
 

Fortify on Demand Pros review quotes

Jonathan Steyn - PeerSpot reviewer
Aug 12, 2024
The source code analyzer is the most effective for identifying security vulnerabilities.
Read full review
reviewer1050960 - PeerSpot reviewer
May 15, 2019
The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it.
Read full review
CP
Jul 6, 2023
Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases.
Read full review
Buyer's Guide
Fortify on Demand
November 2024
Free Report: Fortify on Demand Reviews and More
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
DOWNLOAD NOW
816,406 professionals have used our research since 2012.
DV
Dec 16, 2020
One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that.
Read full review
reviewer1078392 - PeerSpot reviewer
Dec 6, 2020
Being able to reduce risk overall is a very valuable feature for us.
Read full review
reviewer1263261 - PeerSpot reviewer
Jan 12, 2020
The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira.
Read full review
JM
Aug 14, 2018
One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed.
Read full review
Jayashree Acharyya - PeerSpot reviewer
Sep 8, 2021
Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning.
Read full review
it_user625875 - PeerSpot reviewer
Oct 28, 2018
I do not remember any issues with stability.
Read full review
FC
Jan 28, 2021
The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation.
Read full review
Show 10 more reviews (out of 51)
 

Fortify on Demand Cons review quotes

Jonathan Steyn - PeerSpot reviewer
Aug 12, 2024
The cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions.
Read full review
reviewer1050960 - PeerSpot reviewer
May 15, 2019
Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse.
Read full review
CP
Jul 6, 2023
Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify.
Read full review
Buyer's Guide
Fortify on Demand
November 2024
Free Report: Fortify on Demand Reviews and More
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
DOWNLOAD NOW
816,406 professionals have used our research since 2012.
DV
Dec 16, 2020
During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us.
Read full review
reviewer1078392 - PeerSpot reviewer
Dec 6, 2020
They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it.
Read full review
reviewer1263261 - PeerSpot reviewer
Jan 12, 2020
This solution would be improved if the code-quality perspective were added to it, on top of the security aspect.
Read full review
JM
Aug 14, 2018
It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers.
Read full review
Jayashree Acharyya - PeerSpot reviewer
Sep 8, 2021
Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve.
Read full review
it_user625875 - PeerSpot reviewer
Oct 28, 2018
There were some regulated compliances, which were not there.
Read full review
FC
Jan 28, 2021
There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes.
Read full review
Show 10 more reviews (out of 50)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Fortify on Demand Logo
SonarQube Server (formerly SonarQube) vs Fortify on Demand
Veracode vs Fortify on Demand Logo
Veracode vs Fortify on Demand
GitLab vs Fortify on Demand Logo
GitLab vs Fortify on Demand
Checkmarx One vs Fortify on Demand Logo
Checkmarx One vs Fortify on Demand
Snyk vs Fortify on Demand Logo
Snyk vs Fortify on Demand
Mend.io vs Fortify on Demand Logo
Mend.io vs Fortify on Demand
Sonatype Lifecycle vs Fortify on Demand Logo
Sonatype Lifecycle vs Fortify on Demand
Acunetix vs Fortify on Demand Logo
Acunetix vs Fortify on Demand
PortSwigger Burp Suite Professional vs Fortify on Demand Logo
PortSwigger Burp Suite Professional vs Fortify on Demand
HCL AppScan vs Fortify on Demand Logo
HCL AppScan vs Fortify on Demand
GitHub Advanced Security vs Fortify on Demand Logo
GitHub Advanced Security vs Fortify on Demand
Qualys Web Application Scanning vs Fortify on Demand Logo
Qualys Web Application Scanning vs Fortify on Demand
GitHub vs Fortify on Demand Logo
GitHub vs Fortify on Demand
Klocwork vs Fortify on Demand Logo
Klocwork vs Fortify on Demand
Tenable.io Web Application Scanning vs Fortify on Demand Logo
Tenable.io Web Application Scanning vs Fortify on Demand
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Fortify on Demand Logo
SonarQube Server (formerly SonarQube) vs Fortify on Demand
Veracode vs Fortify on Demand Logo
Veracode vs Fortify on Demand
GitLab vs Fortify on Demand Logo
GitLab vs Fortify on Demand
Checkmarx One vs Fortify on Demand Logo
Checkmarx One vs Fortify on Demand
Snyk vs Fortify on Demand Logo
Snyk vs Fortify on Demand
Mend.io vs Fortify on Demand Logo
Mend.io vs Fortify on Demand
Sonatype Lifecycle vs Fortify on Demand Logo
Sonatype Lifecycle vs Fortify on Demand
Acunetix vs Fortify on Demand Logo
Acunetix vs Fortify on Demand
PortSwigger Burp Suite Professional vs Fortify on Demand Logo
PortSwigger Burp Suite Professional vs Fortify on Demand
HCL AppScan vs Fortify on Demand Logo
HCL AppScan vs Fortify on Demand
GitHub Advanced Security vs Fortify on Demand Logo
GitHub Advanced Security vs Fortify on Demand
Qualys Web Application Scanning vs Fortify on Demand Logo
Qualys Web Application Scanning vs Fortify on Demand
GitHub vs Fortify on Demand Logo
GitHub vs Fortify on Demand
Klocwork vs Fortify on Demand Logo
Klocwork vs Fortify on Demand
Tenable.io Web Application Scanning vs Fortify on Demand Logo
Tenable.io Web Application Scanning vs Fortify on Demand
See all alternatives
Related questions
  • 52
What Is The Biggest Difference Between Fortify on Demand And SonarQube?
  • 14
What are the costs for Micro Focus Fortify on Demand?
  • 997
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 104
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 212
What are the Top 5 cybersecurity trends in 2022?
  • 175
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 28
Which application security solutions include both vulnerability scans and quality checks?
  • 78
We're evaluating Tripwire, what else should we consider?
  • 2,251
Is SonarQube the best tool for static analysis?
  • 48
Why Do I Need Application Security Software?