We performed a comparison between Fortify on Demand and Klocwork based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"This product is top-notch solution and the technology is the best on the market."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"The SAST feature is the most valuable."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"t's a cloud-based solution, so there was no installation involved."
"We have the option to test applications with or without credentials."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"The most valuable feature is the Incremental analysis."
"One can increase the number of vendors, so the solution is scalable."
"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."
"The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python."
"I like not having to dig through false positives. Chasing down a false positive can take anywhere from five minutes for a small easy one, then something that is complicated and goes through a whole bunch of different class cases, and it can take up to 45 minutes to an hour to find out if it is a false positive or not."
"Technical support is quite good."
"We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
"The ability to create custom checkers is a plus."
"There are many false positives identified by the solution."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"There is room for improvement in the integration process."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"This solution could be improved if they offered support of more languages including Ada and Golang. They currently only support seven languages."
"Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages."
"I believe it should support more languages, such as Python and JavaScript."
"Every update that we receive requires of us a lengthy and involved process."
"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."
"What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity."
"We'd like to see integration with Agile DevOps and Agile methodologies."
"I would like to see better codes between projects and a more user-friendly desktop in the next release."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while Klocwork is ranked 16th in Application Security Tools with 20 reviews. Fortify on Demand is rated 8.0, while Klocwork is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Klocwork writes "Their technical team helps us get the most out of the solution, but we've faced some stability problems in our environment". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas Klocwork is most compared with SonarQube, Coverity, Polyspace Code Prover, CodeSonar and GitLab. See our Fortify on Demand vs. Klocwork report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
