We performed a comparison between Fortify Application Defender and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The most valuable feature is that it analyzes data in real-time."
"We are able to provide our customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The solution helped us to improve the code quality of our organization."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"Its ability to find security defects is valuable."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"Veracode provides faster scans compared to other static analysis security testing tools."
"The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process."
"The solution's ability to help create secure software is very valuable. We're a zero-trust networking company so we want to have the ability to say that we're practicing security seriously. Having something like Veracode allows us to have confidence when we're speaking to people about our product that we can back up what we're doing with a certification, with a reputable platform, and say, "This is what we're using to scan an application. Here's the number of vulnerabilities that are on an application. And here's the risk that we're accepting.""
"The static analysis gives you deep insights into problems."
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
"There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode."
"Regarding Software Composition Analysis, an exceptional feature is that during a SAST scan, SCA is seamlessly conducted in the background."
"Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"Fortify Application Defender gives a lot of false positives."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The licensing can be a little complex."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The false positive rate should be lower."
"The solution is quite expensive."
"The workbench is a little bit complex when you first start using it."
"I think for us the biggest improvement would be to have an indicator when there's something wrong with a scan."
"They could improve how they fix vulnerabilities. They could have more support in place to help the developers."
"The static scans on Java lack microservices architecture scanning. We have developed an in-house pattern for this and the scans can't take care of it as a single entity."
"It will be beneficial for developers if Veracode Greenlight includes Python."
"It does nearly everything, but penetration testing."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"The false positive rates were quite high in our case."
"I would like to see more technical support for some of the connectors, some more detailed diagrams or run-books on how to install some of the stuff; more hand-holding in the sense of understanding our environment."
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Fortify Application Defender is rated 7.8, while Veracode is rated 8.2. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, SonarQube and Acunetix, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Fortify Application Defender vs. Veracode report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.