We performed a comparison between MicroFocus Fortify on Demand and Veracode based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.
Comparison Results: Veracode nudges ahead of Microfocus Fortify on Demand in this comparison. Veracode users feel the solution enables them to analyze every security flaw, discrepancy, and vulnerability, and feel the reporting is very concise. Microfocus can be very taxing on resources and can potentially slow processes down considerably.
"Fortify helps us to stay updated with the newest languages and versions coming out."
"The SAST feature is the most valuable."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"Being able to reduce risk overall is a very valuable feature for us."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"Static code scanning is the most valuable feature."
"The solution can scan old databases and old code written 20 years back."
"It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results."
"The user interface is quick, familiar, and user-friendly and makes navigation to other software very easy."
"It gives feedback to developers on the effectiveness of their secure coding practices."
"It helps me to detect vulnerabilities."
"Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode."
"For use cases where our company buys a product with the source code, but only the final executables or the binaries, only Veracode is able to work on that type of tool."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"I would like the solution to add AI support."
"Not fully integrated with CIT processes."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"The products must provide better integration with build tools."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"If you schedule two parallel scans under the same project, one of them will be a failure."
"The product has issues with scanning."
"One feature I would like would be more selectivity in email alerts. While I like getting these, I would like to be able to be more granular in which ones I receive."
"It does nearly everything, but penetration testing."
"One concern is that scans take a long time to run. We scan at the end of the day because we know it will take a lot of time. We leave it to run and the report will be generated by the next day when we arrive. The scanning time could be reduced."
"When we engaged Veracode to conduct the manual penetration testing, they were extremely slow in completing the task and delivering the report, causing a delay of two to three weeks for us."
"Searching for applications in Veracode is a little bit difficult. We have to minimize the length of an application's name to 47 characters. It would be good if this limit could be increased so that an application's name can be properly reflected in Veracode."
"Veracode's ability to fix flaws is less sophisticated than that of its competitors."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Fortify on Demand is rated 8.0, while Veracode is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Fortify on Demand is most compared with SonarQube, Checkmarx One, Coverity, Fortify WebInspect and Snyk, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, OWASP Zap and Fortify Static Code Analyzer. See our Fortify on Demand vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
