We performed a comparison between CAST Highlight and Fortify Application Defender based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It offers good performance."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"CAST Highlight is easy to use and has a good dashboard."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"The most valuable features of CAST Highlight are automation and speed."
"The most valuable feature is that it analyzes data in real-time."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"Its ability to find security defects is valuable."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The ease of configuration and customization could be improved in CAST Highlight."
"There's a bit of a learning curve at the outset."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"The false positive rate should be lower."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"The licensing can be a little complex."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The workbench is a little bit complex when you first start using it."
"Support for older compilers/IDEs is lacking."
"Fortify Application Defender gives a lot of false positives."
"I encountered many false positives for Python applications."
CAST Highlight is ranked 10th in Software Composition Analysis (SCA) with 5 reviews while Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews. CAST Highlight is rated 7.8, while Fortify Application Defender is rated 7.8. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". CAST Highlight is most compared with SonarQube, Snyk, Veracode, Checkmarx One and Black Duck, whereas Fortify Application Defender is most compared with Checkmarx One, CAST Application Intelligence Platform, Coverity, SonarQube and Qualys Web Application Scanning. See our CAST Highlight vs. Fortify Application Defender report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.