We performed a comparison between CAST Highlight and Fortify on Demand based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"It offers good performance."
"The most valuable features of CAST Highlight are automation and speed."
"CAST Highlight is easy to use and has a good dashboard."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"The solution is user-friendly. One feature I find very effective is the tool's automatic scanning capability. It scans replicas of the code developers write and automatically detects any vulnerabilities. The integration with CI/CD tools is also useful for plugins."
"The ease of configuration and customization could be improved in CAST Highlight."
"There's a bit of a learning curve at the outset."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"They have very good support, but there is always room for improvement."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
CAST Highlight is ranked 13th in Software Composition Analysis (SCA) with 5 reviews while Fortify on Demand is ranked 8th in Application Security Tools with 57 reviews. CAST Highlight is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". CAST Highlight is most compared with SonarQube, Snyk, Veracode, Black Duck and Checkmarx One, whereas Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect. See our CAST Highlight vs. Fortify on Demand report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.