We compared Fortify on Demand and SonarQube based on our user's reviews in several parameters.
In summary, Fortify on Demand is praised for its robust security, comprehensive scanning capabilities, and prompt vulnerability reporting, with positive feedback on customer service and pricing. SonarQube stands out for its support for multiple languages, seamless integration, and comprehensive features, with exceptional customer service and positive feedback on pricing and ROI. Areas for improvement include enhancing performance and usability for Fortify on Demand, while SonarQube could focus on analysis speed, UI navigation, setup instructions, documentation, performance, and integration options.
Features: Fortify on Demand is highly appreciated for its robust security, comprehensive scanning capabilities, user-friendly interface, and timely vulnerability reporting. SonarQube stands out with its support for multiple languages, simplified design, integration with DevOps pipelines, and ability to detect vulnerabilities and code smells. Additionally, SonarQube offers configurability, flexibility, and a user-friendly interface.
Pricing and ROI: Fortify on Demand's users have found the setup costs to be manageable and appreciate the flexible licensing options. On the other hand, SonarQube's pricing is considered reasonable and competitive, and its setup cost is straightforward and easy. SonarQube also offers flexible licensing options to cater to different needs., Fortify on Demand users expressed satisfaction with the platform's effectiveness and value for their investment. SonarQube helped improve code quality, detect vulnerabilities, and ensure code compliance, resulting in cost savings and increased productivity.
Room for Improvement: Fortify on Demand could benefit from enhancements in performance, scanning capabilities, customization options, reporting features, and user interface. SonarQube should focus on improving analysis speed, user interface, setup instructions, documentation, performance, and integration options.
Deployment and customer support: The user reviews for Fortify on Demand and SonarQube show that the duration required to establish a new tech solution can vary between users. While both products have similar timeframes mentioned by users, Fortify on Demand has a wider range of deployment and setup durations compared to SonarQube., Fortify on Demand's customer service is praised for its prompt and helpful assistance. Users appreciate the attentiveness and expertise of the support team. SonarQube also receives praise for its exceptional customer service and support, with users acknowledging the prompt and knowledgeable assistance provided. The support team is commended for their responsiveness and willingness to go above and beyond.
The summary above is based on 51 interviews we conducted recently with Fortify on Demand and SonarQube users. To access the review's full transcripts, download our report.
"Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA."
"The SAST feature is the most valuable."
"It is an extremely robust, scalable, and stable solution."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"I do not remember any issues with stability."
"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"All the features of the solution are quite good."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"SonarQube is scalable. My company has 50 users."
"It has very good scalability and stability."
"This has improved our organization because it has helped to find Security Vulnerabilities."
"We've configured it to run on each commit, providing feedback on our software quality. ]"
"The most valuable features are that it is user-friendly, easy to access, and they provide good training files."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"Reporting could be improved."
"They could provide features for artificial intelligence similar to other vendors."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"There were some regulated compliances, which were not there."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"There could be better integration with other products."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"A better design of the interface and add some new rules."
"We called support and complained but have not received any information as we use the free version. We had to fix it on our own and could not escalate it to the tool's developer."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"Monitoring is a feature that can be improved in the next version."
"We did have some trouble with the LDAP integration for the console."
"SonarQube is not development-centric like Snyk."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while SonarQube is ranked 1st in Application Security Tools with 110 reviews. Fortify on Demand is rated 8.0, while SonarQube is rated 8.0. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". Fortify on Demand is most compared with Veracode, Checkmarx One, Coverity, Fortify WebInspect and Snyk, whereas SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Mend.io. See our Fortify on Demand vs. SonarQube report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.