We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"Less false positive errors as compared to any other solution."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"Apart from software scanning, software composition scanning is valuable."
"The UI is user-friendly."
"From my point of view, it is the best product on the market."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"Speed and efficiency are great features."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"t's a cloud-based solution, so there was no installation involved."
"I do not remember any issues with stability."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Checkmarx could improve by reducing the price."
"Checkmarx could improve the speed of the scans."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx could improve the REST APIs by including automation."
"Updating and debugging of queries is not very convenient."
"The cost per user is high and should be reduced."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"Reporting could be improved."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"I would like the solution to add AI support."
"Takes up a lot of resources which can slow things down."
"There are many false positives identified by the solution."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.