SonarQube is a self-managed open-source platform that helps developers create code devoid of quality and vulnerability issues. By integrating seamlessly with the top DevOps platforms in the Continuous Integration (CI) pipeline, SonarQube continuously inspects projects across multiple programming languages, providing immediate status feedback while coding. SonarQube’s quality gates become part of your release pipeline, displaying pass/fail results for new code based on quality profiles you customize to your company standards. Following Sonar’s Clean as You Code methodology guarantees that only software of the highest quality makes it to production.
This product is open source and very convenient.
This is open source.
This product is open source and very convenient.
This is open source.
Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.
The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
I believe pricing is better compared to other commercial tools.
The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
I believe pricing is better compared to other commercial tools.
Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.
The price of this solution is negotiable, depending on the size of the organization.
Coverity is quite expensive.
The price of this solution is negotiable, depending on the size of the organization.
Coverity is quite expensive.
Mend.io is a software composition analysis tool that secures what developers create. The solution provides an automated reduction of the software attack surface, reduces developer burdens, and accelerates app delivery. Mend.io provides open-source analysis with its in-house and other multiple sources of software vulnerabilities. In addition, the solution offers license and policy violation alerts, has great pipeline integration, and, since it is a SaaS (software as a service), it doesn’t require you to physically maintain servers or data centers for any implementation. Not only does Mend.io reduce enterprise application security risk, it also helps developers meet deadlines faster.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
We are paying a lot of money to use WhiteSource. In our company, it is not easy to argue that it is worth the price.
The version that we are using, WhiteSource Bolt, is a free integration with Azure DevOps.
Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.
We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000.
Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand).
We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000.
Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand).
Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.
Klocwork should not to be quite so heavy handed on the licensing for very specific programs.
Licensing fees are paid annually, but they also have a perpetual license.
Klocwork should not to be quite so heavy handed on the licensing for very specific programs.
Licensing fees are paid annually, but they also have a perpetual license.
Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.
The base licensing costs for the SaaS platform is about $900 USD per application, per year.
The price of this solution could be less expensive.
The base licensing costs for the SaaS platform is about $900 USD per application, per year.
The price of this solution could be less expensive.
Software analytics technology with a breadth of third party integrations that takes into account the wealth of applications your teams are currently using.
Check with your account manager.
Nothing special. It's a very fair model.
Check with your account manager.
Nothing special. It's a very fair model.
BlueOptima's analytics platform empowers software developers and their companies to create better software in the most time- and cost-efficient way.