We performed a comparison between Fortify on Demand and GitHub Advanced Security based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."This product is top-notch solution and the technology is the best on the market."
"Audit workbench: for on-the-fly defect auditing."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"Dependency scanning is a valuable feature."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"Fortify on Demand could be improved with support in Russia."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"There could be DST features included in the product."
"The customizations are a little bit difficult."
"The report limitations are the main issue."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews while GitHub Advanced Security is ranked 14th in Application Security Tools with 6 reviews. Fortify on Demand is rated 8.0, while GitHub Advanced Security is rated 9.0. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of GitHub Advanced Security writes "A tool that provides ease of integration with the set of existing codes in an infrastructure". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Tenable.io Web Application Scanning, whereas GitHub Advanced Security is most compared with SonarQube, Snyk, Veracode, Checkmarx One and GitLab. See our Fortify on Demand vs. GitHub Advanced Security report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.