We performed a comparison between Fortify on Demand and Mend.io based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Being able to reduce risk overall is a very valuable feature for us."
"t's a cloud-based solution, so there was no installation involved."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"The solution is user-friendly. One feature I find very effective is the tool's automatic scanning capability. It scans replicas of the code developers write and automatically detects any vulnerabilities. The integration with CI/CD tools is also useful for plugins."
"Audit workbench: for on-the-fly defect auditing."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The results and the dashboard they provide are good."
"The dashboard view and the management view are most valuable."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"We use a lot of open sources with a variety of containers, and the different open sources come with different licenses. Some come with dual licenses, some are risky and some are not. All our three use cases are equally important to us and we found WhiteSource handles them decently."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The solution is scalable."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"Fortify on Demand could be improved with support in Russia."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"Make the product available in a very stable way for other web browsers."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
Fortify on Demand is ranked 8th in Application Security Tools with 57 reviews while Mend.io is ranked 13th in Application Security Tools with 29 reviews. Fortify on Demand is rated 8.0, while Mend.io is rated 8.4. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and SonarCloud, whereas Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Jscrambler. See our Fortify on Demand vs. Mend.io report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.