We performed a comparison between Black Duck and Fortify Static Code Analyzer based on real PeerSpot user reviews.
Find out what your peers are saying about Synopsys, Snyk, Veracode and others in Software Composition Analysis (SCA).
"The solution is stable."
"The stability is okay."
"The product enables other applications to be secure."
"The installation is very easy."
"I like the fact that the product auto analyzes components."
"The most valuable feature is the vulnerability scanning, and that it's easy to use."
"The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base built over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach."
"The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately."
"Integrating the Fortify Static Code Analyzer into our software development lifecycle was straightforward. It highlights important information beyond just syntax errors. It identifies issues like password credentials and access keys embedded in the code."
"Automating the Jenkins plugins and the build title is a big plus."
"We've found the documentation to be very good."
"Its flexibility is most valuable. It is such a flexible tool. It can be implemented in a number of ways. It can do anything you want it to do. It can be fully automated within a DevOps pipeline. It can also be used in an ad hoc, special test case scenario and anywhere in between."
"The integration, Subset core integration using Jenkins, is one of the good features."
"The reference provided for each issue is extremely helpful."
"We write software, and therefore, the most valuable aspect for us is basically the code analysis part."
"The Software Security Center, which is often overlooked, stands out as the most effective feature."
"The documentation is quite scattered."
"The product's pricing is higher compared to other competitor products."
"Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster."
"We have been having some issues with the latest releases where we are not able to scan our applications with the help of Black Duck."
"It's still a bit inconsistent. For example, if I scan today, it might not show the same results tomorrow."
"The solution must provide more open APIs."
"The tool's documentation and support are areas of concern where improvements are required."
"The scanner client is limited by the size of software it can handle."
"The pricing is a bit high."
"The price can be improved."
"Fortify Static Code Analyzer is a good solution, but sometimes we receive false positives. If they could reduce the number of false positives it would be good."
"The troubleshooting capabilities of this solution could be improved. This would reduce the number of cases that users have to submit."
"The generation of false positives should be reduced."
"The product shows false positives for Python applications."
"Their licensing is expensive."
"Not all languages are supported in Fortify."
Black Duck is ranked 1st in Software Composition Analysis (SCA) with 19 reviews while Fortify Static Code Analyzer is ranked 3rd in Static Code Analysis with 13 reviews. Black Duck is rated 7.8, while Fortify Static Code Analyzer is rated 8.4. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of Fortify Static Code Analyzer writes "Seamless to integrate and identify vulnerabilities and frees up staff time". Black Duck is most compared with Snyk, JFrog Xray, Mend.io, FOSSA and Sonatype Lifecycle, whereas Fortify Static Code Analyzer is most compared with Snyk, Veracode, Sonatype Lifecycle, GitLab and Mend.io.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.