We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The user interface is excellent. It's very user friendly."
"The most valuable feature is the simple user interface."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The UI is very intuitive and simple to use."
"Our static operation security has been able to identify more security issues since implementing this solution."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"It's a stable and scalable solution."
"Fortify on Demand can be scaled very easily."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"t's a cloud-based solution, so there was no installation involved."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"The solution sometimes reports a false auditable code or false positive."
"Meta data is always needed."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"I would like to see the tool’s pricing improved."
"I would like to see the DAST solution in the future."
"The solution's user interface could be improved because it seems outdated."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"We have some stability issues, but they are minimal."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"There are many false positives identified by the solution."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.