We performed a comparison between Fortify on Demand and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"The quality of application security testing reduces risk and gives very few false positives."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"It improves future security scans."
"The solution is user-friendly."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"The overall support that we receive is pretty good. "
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"For us, the most valuable tool was open-source licensing analysis."
"The solution is scalable."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"They have very good support, but there is always room for improvement."
"Not fully integrated with CIT processes."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"The initial setup could be simplified."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't."
"I would like to see the static analysis included with the open-source version."
Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews while Mend.io is ranked 5th in Application Security Tools with 29 reviews. Fortify on Demand is rated 8.0, while Mend.io is rated 8.4. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and SonarCloud, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Jscrambler. See our Fortify on Demand vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.