We performed a comparison between CAST Highlight and Fortify Application Defender based on real PeerSpot user reviews.
Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."CAST Highlight is easy to use and has a good dashboard."
"The most valuable features of CAST Highlight are automation and speed."
"It offers good performance."
"The most valuable features of the CAST Highlight are the interface and there are three notations that are very simple to understand and communicate with."
"The way it tells you which codebase is more ready for the cloud and which codebase is less ready is very valuable. It works seamlessly with most languages."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The solution helped us to improve the code quality of our organization."
"Its ability to find security defects is valuable."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"The product saves us cost and time."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The ease of configuration and customization could be improved in CAST Highlight."
"CAST Highlight could improve to allow us to comment and do a deep analysis by ourselves."
"There's a bit of a learning curve at the outset."
"Its price should be better. It is a pretty costly tool. They have two products: CAST Highlight and CAST AIP. I would expect CAST Highlight to have the Help dashboard and the Engineering dashboard. These dashboards are currently a part of CAST AIP, and if these are made available in CAST Highlight, customers won't have to use two different products all the time."
"The reports that describe the issues of concern are rather abstract and the issues should be more clearly described to the user."
"I encountered many false positives for Python applications."
"The solution is quite expensive."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The licensing can be a little complex."
"The workbench is a little bit complex when you first start using it."
"The false positive rate should be lower."
CAST Highlight is ranked 13th in Software Composition Analysis (SCA) with 5 reviews while Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews. CAST Highlight is rated 7.8, while Fortify Application Defender is rated 7.8. The top reviewer of CAST Highlight writes "Easy to set up with optimized and automated insights". On the other hand, the top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". CAST Highlight is most compared with SonarQube, Snyk, Veracode, Black Duck and Checkmarx One, whereas Fortify Application Defender is most compared with Checkmarx One, CAST Application Intelligence Platform, Coverity, SonarQube and Qualys Web Application Scanning. See our CAST Highlight vs. Fortify Application Defender report.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.