We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"The most valuable feature is the simple user interface."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The UI is very intuitive and simple to use."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"This product is top-notch solution and the technology is the best on the market."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"Audit workbench: for on-the-fly defect auditing."
"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"It is an expensive solution."
"Micro-services need to be included in the next release."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"Takes up a lot of resources which can slow things down."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"We have some stability issues, but they are minimal."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.