We performed a comparison between Fortify on Demand and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"Audit workbench: for on-the-fly defect auditing."
"The quality of application security testing reduces risk and gives very few false positives."
"Fortify on Demand can be scaled very easily."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"I do not remember any issues with stability."
"We identified a lot of security vulnerabilities much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"What is valuable about Snyk is its simplicity."
"I am impressed with the product's security vulnerability detection. My peers in security are praising the tool for its accuracy to detect security vulnerabilities. The product is very easy to onboard. It doesn't require a lot of preparation or prerequisites. It's a bit of a plug-and-play as long as you're using a package manager or for example, you are using a GitHub repository. And that is an advantage for this tool because developers don't want to add more tools to what they're currently using."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"There were some regulated compliances, which were not there."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"The solution's reporting and storage could be improved."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"The documentation sometimes is not relevant. It does not cover the latest updates, scanning, and configurations. The documentation for some things is wrong and does not cover some configuration scannings for the multiple project settings."
"Basically the licensing costs are a little bit expensive."
"Snyk's API and UI features could work better in terms of speed."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Fortify on Demand is rated 8.0, while Snyk is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and OWASP Zap, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and Coverity.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.