We performed a comparison between Fortify on Demand and ShiftLeft based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."Provides good depth of scanning and we get good results."
"We have the option to test applications with or without credentials."
"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"Being able to reduce risk overall is a very valuable feature for us."
"The SAST feature is the most valuable."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"When it comes to ShiftLeft, the most valuable feature is definitely its ease of use and cost-effectiveness."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"Not fully integrated with CIT processes."
"There are many false positives identified by the solution."
"Having support from senior management is crucial in making it mandatory for teams to collaborate with the security team throughout the development process."
Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews while ShiftLeft is ranked 26th in Application Security Tools with 1 review. Fortify on Demand is rated 8.0, while ShiftLeft is rated 10.0. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of ShiftLeft writes "Effectively in identify and fix bugs early in the development lifecycle". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas ShiftLeft is most compared with SonarQube and Black Duck.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.