We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"The UI is very intuitive and simple to use."
"The UI is user-friendly."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The user interface is modern and nice to use."
"Vulnerability details is valuable."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The most valuable feature is the application tracking reporting."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"Audit workbench: for on-the-fly defect auditing."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"The solution is user-friendly."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"This product is top-notch solution and the technology is the best on the market."
"The vulnerability detection and scanning are awesome features."
"The integration could improve by including, for example, DevSecOps."
"Checkmarx could improve by reducing the price."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"If it is a very large code base then we have a problem where we cannot scan it."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Updating and debugging of queries is not very convenient."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"I would like to see the tool’s pricing improved."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"I would like the solution to add AI support."
"There is room for improvement in the integration process."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"There were some regulated compliances, which were not there."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.