We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better reviews on deployment and support.
"The most valuable feature of Checkmarx is the user interface; it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The solution allows us to create custom rules for code checks."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"Our static operation security has been able to identify more security issues since implementing this solution."
"From my point of view, it is the best product on the market."
"The administration in Checkmarx is very good."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"The SAST feature is the most valuable."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"Audit workbench: for on-the-fly defect auditing."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The reports are good, but they still need to be improved considering what the UI offers."
"The integration could improve by including, for example, DevSecOps."
"Metadata is always needed."
"Updating and debugging of queries is not very convenient."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"We have received some feedback from our customers who are receiving a large number of false positives."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"There are lots of limitations with code technology. It cannot scan .NET properly either."
Checkmarx is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 11th in Application Security Tools with 55 reviews. Checkmarx is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". Checkmarx is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.