We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"Vulnerability details is valuable."
"The UI is user-friendly."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The setup is fairly easy. We didn't struggle with the process at all."
"The only thing I like is that Checkmarx does not need to compile."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"Fortify on Demand can be scaled very easily."
"This product is top-notch solution and the technology is the best on the market."
"t's a cloud-based solution, so there was no installation involved."
"Being able to reduce risk overall is a very valuable feature for us."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"It improves future security scans."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"It is an extremely robust, scalable, and stable solution."
"The integration could improve by including, for example, DevSecOps."
"We have received some feedback from our customers who are receiving a large number of false positives."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"Checkmarx needs to be more scalable for large enterprise companies."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"It is an expensive solution."
"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"There are many false positives identified by the solution."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.