We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"The UI is very intuitive and simple to use."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"Our static operation security has been able to identify more security issues since implementing this solution."
"Both automatic and manual code review (CxQL) are valuable."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The SAST component was absolutely 100% stable."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"Being able to reduce risk overall is a very valuable feature for us."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"The vulnerability detection and scanning are awesome features."
"It is an extremely robust, scalable, and stable solution."
"The installation was easy."
"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"Checkmarx could improve the speed of the scans."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"I would like to see the rate of false positives reduced."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"Checkmarx needs to be more scalable for large enterprise companies."
"The pricing can get a bit expensive, depending on the company's size."
"Fortify on Demand could be improved with support in Russia."
"Reporting could be improved."
"Takes up a lot of resources which can slow things down."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"They could provide features for artificial intelligence similar to other vendors."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"Not fully integrated with CIT processes."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.