We performed a comparison between Fortify Application Defender, Trustwave App Scanner [EOL], and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.
"The product saves us cost and time."
"The most valuable feature is that it analyzes data in real-time."
"Its ability to find security defects is valuable."
"The solution helped us to improve the code quality of our organization."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"We are able to provide our customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The stability is great. We haven't had any issues at all with it."
"The main feature, and one of the most important, is the static code analysis. We are able to complete an analysis of the security flaws with this platform. It's very good at helping us find and fix flaws."
"The SAST and DAST modules are great."
"The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed."
"Veracode static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us a lot of time. For example, it raises a flag about a problematic third-party DLL before development invests time heavily using it."
"It gives me an idea about the most important vulnerabilities and fast remediation tips."
"We like the fact that all the issues are identified and that Veracode provides sufficient information on how to resolve them."
"What we found most valuable in Veracode is the ability to do automatic scans of our software. We've incorporated the solution into our SDLC process, so we take our builds before they get released and put them through scans to ensure any new vulnerabilities haven't occurred."
"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The solution is quite expensive."
"The licensing can be a little complex."
"Support for older compilers/IDEs is lacking."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The false positive rate should be lower."
"The workbench is a little bit complex when you first start using it."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
"The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size."
"Some important languages are not supported."
"The reporting was detailed, but there were some things that were missing. It showed us on which line an error was found, but it could have been more detailed."
"Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"In some cases we use their APIs; they're not as rich as I would like."
"In the future, I would like to see the RASP capability built-in."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."