We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. Our conclusion, drawn from all of the collected data, is below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings, except that Checkmarx got better reviews on deployment and support.
"Helps us check vulnerabilities in our SAP Fiori application."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"It has all the features we need."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The user interface is good."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"The solution is very fast."
"The vulnerability detection and scanning are awesome features."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The quality of application security testing reduces risk and gives very few false positives."
"The integration could improve by including, for example, DevSecOps."
"Checkmarx could improve the REST APIs by including automation."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"I would like to see the tool’s pricing improved."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"The pricing can get a bit expensive, depending on the company's size."
"Metadata is always needed."
"There is room for improvement in the integration process."
"Reporting could be improved."
"We have some stability issues, but they are minimal."
"Not fully integrated with CIT processes."
"There are lots of limitations with code technology. It cannot scan .NET properly either."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.