Try our new research platform with insights from 80,000+ expert users
Fortify on Demand Logo

Fortify on Demand pros and cons

Vendor: OpenText
4.0 out of 5
4,185 followers
Post review

Pros & Cons summary

Fortify on Demand offers comprehensive vulnerability scanning during development with clear remediation suggestions and integration with tools like TFS and JIRA. It supports various programming languages and improves security posture through robust analysis. Cloud-based ease of use eliminates local installation. Challenges include learning curves, latency, and integration with CI/CD pipelines. Issues with false positives and reporting capabilities affect efficiency but users report significant time savings.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Fortify on Demand provides comprehensive security testing that significantly reduces risk and false positives.
Integration with development platforms like TFS and JIRA makes vulnerability management efficient.
Cloud-based deployment eliminates local installation, offering scalability and easy setup.
Automatic and background scanning capabilities streamline code security during development.
Fortify on Demand supports continuous updates to stay compliant with the latest technologies and languages.

CONS

Fortify on Demand can be slow to support new technologies or new software versions.
There is a need for improved integration with bug tracker systems and CI/CD pipelines.
The scanning process is time-consuming and complex for regular developers.
Technical support has been lacking, particularly post-acquisition.
There are frequent false positives reported during scans.
 

Fortify on Demand Pros review quotes

Jonathan Steyn - PeerSpot reviewer
Aug 12, 2024
The source code analyzer is the most effective for identifying security vulnerabilities.
Read full review
reviewer1050960 - PeerSpot reviewer
May 15, 2019
The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it.
Read full review
CP
Jul 6, 2023
Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases.
Read full review
Buyer's Guide
Fortify on Demand
February 2025
Free Report: Fortify on Demand Reviews and More
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
DOWNLOAD NOW
838,640 professionals have used our research since 2012.
DV
Dec 16, 2020
One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that.
Read full review
reviewer1078392 - PeerSpot reviewer
Dec 6, 2020
Being able to reduce risk overall is a very valuable feature for us.
Read full review
reviewer1263261 - PeerSpot reviewer
Jan 12, 2020
The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira.
Read full review
JM
Aug 14, 2018
One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed.
Read full review
Jayashree Acharyya - PeerSpot reviewer
Sep 8, 2021
Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning.
Read full review
it_user625875 - PeerSpot reviewer
Oct 28, 2018
I do not remember any issues with stability.
Read full review
FC
Jan 28, 2021
The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation.
Read full review
Show 10 more reviews (out of 52)
 

Fortify on Demand Cons review quotes

Jonathan Steyn - PeerSpot reviewer
Aug 12, 2024
The cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions.
Read full review
reviewer1050960 - PeerSpot reviewer
May 15, 2019
Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse.
Read full review
CP
Jul 6, 2023
Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify.
Read full review
Buyer's Guide
Fortify on Demand
February 2025
Free Report: Fortify on Demand Reviews and More
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
DOWNLOAD NOW
838,640 professionals have used our research since 2012.
DV
Dec 16, 2020
During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us.
Read full review
reviewer1078392 - PeerSpot reviewer
Dec 6, 2020
They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it.
Read full review
reviewer1263261 - PeerSpot reviewer
Jan 12, 2020
This solution would be improved if the code-quality perspective were added to it, on top of the security aspect.
Read full review
JM
Aug 14, 2018
It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers.
Read full review
Jayashree Acharyya - PeerSpot reviewer
Sep 8, 2021
Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve.
Read full review
it_user625875 - PeerSpot reviewer
Oct 28, 2018
There were some regulated compliances, which were not there.
Read full review
FC
Jan 28, 2021
There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes.
Read full review
Show 10 more reviews (out of 51)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Fortify on Demand Logo
SonarQube Server (formerly SonarQube) vs Fortify on Demand
GitLab vs Fortify on Demand Logo
GitLab vs Fortify on Demand
Snyk vs Fortify on Demand Logo
Snyk vs Fortify on Demand
Checkmarx One vs Fortify on Demand Logo
Checkmarx One vs Fortify on Demand
Veracode vs Fortify on Demand Logo
Veracode vs Fortify on Demand
Mend.io vs Fortify on Demand Logo
Mend.io vs Fortify on Demand
Sonatype Lifecycle vs Fortify on Demand Logo
Sonatype Lifecycle vs Fortify on Demand
Acunetix vs Fortify on Demand Logo
Acunetix vs Fortify on Demand
GitHub Advanced Security vs Fortify on Demand Logo
GitHub Advanced Security vs Fortify on Demand
PortSwigger Burp Suite Professional vs Fortify on Demand Logo
PortSwigger Burp Suite Professional vs Fortify on Demand
HCL AppScan vs Fortify on Demand Logo
HCL AppScan vs Fortify on Demand
Qualys Web Application Scanning vs Fortify on Demand Logo
Qualys Web Application Scanning vs Fortify on Demand
GitHub vs Fortify on Demand Logo
GitHub vs Fortify on Demand
Klocwork vs Fortify on Demand Logo
Klocwork vs Fortify on Demand
Tenable.io Web Application Scanning vs Fortify on Demand Logo
Tenable.io Web Application Scanning vs Fortify on Demand
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs Fortify on Demand Logo
SonarQube Server (formerly SonarQube) vs Fortify on Demand
GitLab vs Fortify on Demand Logo
GitLab vs Fortify on Demand
Snyk vs Fortify on Demand Logo
Snyk vs Fortify on Demand
Checkmarx One vs Fortify on Demand Logo
Checkmarx One vs Fortify on Demand
Veracode vs Fortify on Demand Logo
Veracode vs Fortify on Demand
Mend.io vs Fortify on Demand Logo
Mend.io vs Fortify on Demand
Sonatype Lifecycle vs Fortify on Demand Logo
Sonatype Lifecycle vs Fortify on Demand
Acunetix vs Fortify on Demand Logo
Acunetix vs Fortify on Demand
GitHub Advanced Security vs Fortify on Demand Logo
GitHub Advanced Security vs Fortify on Demand
PortSwigger Burp Suite Professional vs Fortify on Demand Logo
PortSwigger Burp Suite Professional vs Fortify on Demand
HCL AppScan vs Fortify on Demand Logo
HCL AppScan vs Fortify on Demand
Qualys Web Application Scanning vs Fortify on Demand Logo
Qualys Web Application Scanning vs Fortify on Demand
GitHub vs Fortify on Demand Logo
GitHub vs Fortify on Demand
Klocwork vs Fortify on Demand Logo
Klocwork vs Fortify on Demand
Tenable.io Web Application Scanning vs Fortify on Demand Logo
Tenable.io Web Application Scanning vs Fortify on Demand
See all alternatives
Related questions
  • 41
What Is The Biggest Difference Between Fortify on Demand And SonarQube?
  • 12
What are the costs for Micro Focus Fortify on Demand?
  • 801
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 65
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 146
What are the Top 5 cybersecurity trends in 2022?
  • 158
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 56
We're evaluating Tripwire, what else should we consider?
  • 16
Which application security solutions include both vulnerability scans and quality checks?
  • 1,830
Is SonarQube the best tool for static analysis?
  • 33
Why Do I Need Application Security Software?