We performed a comparison between Fortify on Demand and GitHub based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"Audit workbench: for on-the-fly defect auditing."
"Fortify on Demand can be scaled very easily."
"The quality of application security testing reduces risk and gives very few false positives."
"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"This product is top-notch solution and the technology is the best on the market."
"The solution is scalable."
"The product has a very user-friendly interface and user-friendly security."
"The deployment is fast since we just have to run the script, and once it's done, it takes a few minutes."
"It has a lot of features from the code development perspective. You get a lot of features such as repo, commit, merge, and branch. You can play around and do things on the fly. It is easy and simple to deploy. It is also easier to use when working from home."
"This solution is very easy to use which I like about it. The capacity to own artifacts and share them with others is another good feature. You don't have to write all your code from scratch, you can use available templates and alter the code according to your needs."
"GitHub is convenient and easy to use."
"The flexibility of this solution has been most valuable. It operates on a pay per use basis where you can ramp up or decrease usage."
"The best feature is the ability to track the history of all code changes, and it's easy to use. Additionally, as it's open source, anyone can use that feature resulting in distributed development. This opens the door to collaboration with different code and developer, feature, and master branches of development."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"It is difficult to merge a code or restore it to an older version."
"GitHub could add some more security features."
"The project management sector really needs some improvement for GitHub. I don't know if GitHub made sense for me as a project manager."
"GitHub needs to improve its UI."
"Our firewall was blocking cloning and downloading with SSH."
"As of now, if I would like to learn about GitHub or its features, I would have to look on YouTube. It would be nice if they were able to send out a newsletter with explanations of new features that they are offering and what features are available."
"The solution should have less integration with the AI part, but it needs to add features with other automation tools so that it can be easily integrated."
"Github needs more storage."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while GitHub is ranked 10th in Application Security Tools with 64 reviews. Fortify on Demand is rated 8.0, while GitHub is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of GitHub writes "Beneficial version control and continuous integration, but guides would be helpful". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and Tenable.io Web Application Scanning, whereas GitHub is most compared with Snyk, AWS CodeCommit, Atlassian SourceTree, Bitbucket and Checkmarx One. See our Fortify on Demand vs. GitHub report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
