We performed a comparison between Micro Focus Fortify on Demand and Veracode based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.
Comparison Results: Veracode nudges ahead of Micro Focus Fortify on Demand in this comparison. Veracode users feel the solution enables them to analyze every security flaw, discrepancy, and vulnerability, and feel the reporting is very concise. Micro Focus Fortify on Demand can be very taxing on resources and can potentially slow processes down considerably.
"The UI is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"It helps deploy and track changes easily as per time-to-time market upgrades."
"Audit workbench: for on-the-fly defect auditing."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"The static code analyzers are the most valuable features of this solution."
"Fortify on Demand is easy to use and the reporting is good."
"The licensing was good."
"From a developer's perspective, Veracode's greenlight feature on the IDE is helpful. It helps the developer to be more proactive in secure coding standards. Apart from that, static analysis scanning is definitely one of the top features of Veracode."
"Being able to scan our applications and identify all codes and defects is an extremely valuable feature."
"It's not 'one policy fits all.' I really like that Veracode allows me to set up specific policies that I can apply to applications."
"Provides the ability to understand the black zones in our system."
"The innovative features offered by Veracode are excellent."
"It has given our management a view into issues with all of our product lines. We have three products and all of them were scanned. As a result, the project lead for each product has taken measures to improve things."
"I can have quick results by just uploading compiled components."
"Veracode's cloud-based approach, coupled with the appliance that lets us use Veracode to scan internal-only web applications, has provided a seamless, always-up-to-date application security scanning solution."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"There are lots of limitations with code technology. It cannot scan .NET properly either."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"It needs better controls to include/exclude specific sections when creating a report that can be shared externally with customers and prospects."
"We connected with Veracode's support a couple of times, and we got a different answer each time."
"An area for improvement I found in Veracode is the connectivity because currently, my company uses a plugin for the dev-ops cloud-based connectivity. A pretty helpful feature would be if Veracode gives a direct code for connecting to the Oracle server directly and authenticating it via a unique server."
"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."
"Veracode can be improved in terms of software composition analysis and related vulnerabilities."
"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."
"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side."
"The documentation is poor and the technical support isn't helpful."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Fortify on Demand is rated 8.0, while Veracode is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Fortify on Demand is most compared with SonarQube, Checkmarx One, Coverity, Fortify WebInspect and Snyk, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, OWASP Zap and Fortify Static Code Analyzer. See our Fortify on Demand vs. Veracode report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.