We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The most valuable feature is the simple user interface."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"Helps us check vulnerabilities in our SAP Fiori application."
"Scan reviews can occur during the development lifecycle."
"It improves future security scans."
"I do not remember any issues with stability."
"The quality of application security testing reduces risk and gives very few false positives."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"This product is top-notch solution and the technology is the best on the market."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"What stands out to me is the user-friendliness of each feature."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Meta data is always needed."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"Updating and debugging of queries is not very convenient."
"Checkmarx could improve by reducing the price."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"There are lots of limitations with code technology. It cannot scan .net properly either."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.