Our primary use case for this solution is static code analysis.
Head of Compliance & Quality / CISO at a tech services company with 51-200 employees
Has improved our security through static code analysis
Pros and Cons
- "The static code analyzers are the most valuable features of this solution."
- "The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
What is our primary use case?
How has it helped my organization?
This solution has helped us to improve our security processes.
What is most valuable?
The static code analyzers are the most valuable features of this solution.
What needs improvement?
The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment. It needs a better configuration and more options for reports.
Buyer's Guide
Fortify on Demand
December 2024
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
Four months.
What do I think about the stability of the solution?
The solution is working, so I would say that its stability is fine.
What do I think about the scalability of the solution?
We have approximately twenty users who perform code scanning. They are developers and security experts. We do plan to increase our usage of this solution in the future.
How are customer service and support?
Technical support for this solution is fine.
How was the initial setup?
The initial setup of this solution is straightforward.
It took approximately two hours to deploy, and because it is a cloud-based solution it does not require anybody for maintenance.
What about the implementation team?
We handled the implementation in-house.
What was our ROI?
All I can say is that it is reducing security issues.
Which other solutions did I evaluate?
We evaluated Veracode before choosing this solution.
What other advice do I have?
This solution works, so I suggest using it.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager at a tech services company with 10,001+ employees
It addresses the source code scanning and dynamic scanning in a known, correlated way.
Valuable Features
It's one of the leaders in the application security space. I've used Fortify since 2007, and I think the most valuable feature is its ability to address the source code scanning and dynamic scanning in a known, correlated way. I think the best way to address application security is to have multiple types of scanning and a unified view for the customer.
Improvements to My Organization
It's forced the incorporation of security in the development process. That's really the biggest benefit for us.
Room for Improvement
It could use better integration with the incident management processor. This would allow us to understand the vulnerabilities that arise in the software and how they're linked to the incident management center.
Deployment Issues
The deployment has not had issues.
Stability Issues
It is a quite stable solution.
Scalability Issues
It's quite scalable and addresses a huge volume.
Customer Service and Technical Support
It's good, but could be better to align with other main vendors, such as IBM.
Initial Setup
It's not straightforward, but it's not complex either. It could also be improved.
Other Solutions Considered
I'm very familiar with IBM and Barracuda and others. I always know HP's competition, but I feel most comfortable with HP.
Other Advice
My advice would be to look not only at the software, but also at the processor and the people who will be using the software. You should buy not just the software, but also the services to train people to use it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Fortify on Demand
December 2024
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Information Security Manager at a tech services company with 501-1,000 employees
Easy to set up, stable and scalable
Pros and Cons
- "It's a stable and scalable solution."
- "Reporting could be improved."
What is our primary use case?
We use Micro Focus Fortify on Demand to access web applications and more.
What needs improvement?
Reporting could be improved. It would nice to export to an Excel sheet or another spreadsheet. At the moment, my only option is a PDF.
Micro Focus Fortify on Demand is tailored towards more web application APIs, and I would like to see mobile applications added to the next release.
For how long have I used the solution?
We've been using Micro Focus Fortify on Demand for almost two years.
What do I think about the stability of the solution?
Focus Fortify on Demand is a stable solution.
What do I think about the scalability of the solution?
Focus Fortify on Demand is a scalable solution.
How was the initial setup?
The setup and installation were straightforward.
What other advice do I have?
On a scale from one to ten, I'll give it an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Fortify on Demand Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Popular Comparisons
SonarQube Server (formerly SonarQube)
Veracode
Checkmarx One
Mend.io
Sonatype Lifecycle
Acunetix
PortSwigger Burp Suite Professional
GitHub Advanced Security
HCL AppScan
Qualys Web Application Scanning
Klocwork
Tenable.io Web Application Scanning
Buyer's Guide
Download our free Fortify on Demand Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Fortify on Demand And SonarQube?
- What are the costs for Micro Focus Fortify on Demand?
- If you had to both encrypt and compress data during transmission, which would you do first and why?
- When evaluating Application Security, what aspect do you think is the most important to look for?
- What are the Top 5 cybersecurity trends in 2022?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which application security solutions include both vulnerability scans and quality checks?
- We're evaluating Tripwire, what else should we consider?
- Is SonarQube the best tool for static analysis?
- Why Do I Need Application Security Software?
In terms of integration with SIM/SIEM solution, what do you use?