We performed a comparison between Fortify Application Defender, Kiuwan, and SonarQube based on real PeerSpot user reviews.
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The product saves us cost and time."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The solution helped us to improve the code quality of our organization."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"Its ability to find security defects is valuable."
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"The feature that I have found the most valuable in Kiuwan is the speed of scanning. Compared to other SaaS tools I have used, Kiuwan is much quicker in performing scans. I have not yet used it on a large code base, but from what I have experienced, it is efficient and accurate. Additionally, I have used it both manually and in an automated pipeline, and both methods have been effective. The speed of scanning is what makes it valuable to me."
"The solution offers very good technical support."
"I have found the security and QA in the source code to be most valuable."
"I've found the reporting features the most helpful."
"The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating."
"It provides value by offering options to enhance both code quality and the security of the company."
"The software quality gate streamlines the product's quality."
"The integrations SonarQube provides with our software delivery pipeline are very seamless."
"There are many options and examples available in the tool that help us fix the issues it shows us."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas."
"The solution's user interface is very user-friendly."
"The solution can verify vulnerabilities, code smells, and hotspots. It makes the software more secure and it helps make a junior or novice developer sharper."
"I like that it helps us maintain our work quality and code security."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"The solution is quite expensive."
"I encountered many false positives for Python applications."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The licensing can be a little complex."
"The workbench is a little bit complex when you first start using it."
"Fortify Application Defender gives a lot of false positives."
"The QA developer and security could be improved."
"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."
"Integration of the programming tools could be improved."
"It could improve its scalability abilities."
"Perhaps more languages supported."
"Kiuwan's support has room for improvement. You can only open a ticket through email, and the support team is outside of our country. They should have a support number or chat."
"The next release should include more flexibility in the reporting."
"The product's UI has certain shortcomings, where improvements are required."
"There are sometimes security breaches in our code, which aren't caught by SonarQube. In the security area, SonarQube has to improve. It needs to better compete with other products."
"It should be user-friendly."
"We also use Fortify, which is another tool to find security errors. Fortify is a better security tool. It is better than SonarQube in finding errors. Sometimes, SonarQube doesn't find some of the errors that Fortify is able to find. Fortify also has a community, which SonarQube doesn't have. Its installation is a little bit complex. We need to install a database, install the product, and specify the version of the database and the product. They can simplify the installation and make it easier. We use Docker for the installation because it is easier to use. Its dashboard needs to be improved. It is not intuitive. It is hard to understand the interface, and it can be improved to provide a better user experience."
"The reporting can be improved."
"The interface could be a little better and should be enhanced."
"We did have some trouble with the LDAP integration for the console."
"We previously experienced issues with security but a segregated security violation has been implemented and the issues we experienced are being fixed."
"The exporting capabilities could be improved. Currently, exporting is fully dependent on the SonarQube environment."