What is our primary use case?
We use this solution for inspecting our security, such as checking to see if our developers are securing their code properly. For example, we have to ensure that they are not inadvertently exposing any IP addresses or passwords. We have to be cautious because most of our applications are related to banking and the financial domain.
Fortify Application Defender accomplishes this by performing source code analysis, and it scans using agents. The source code check involves static code analysis to see if things like passwords are exposed.
What is most valuable?
The most valuable feature is that it analyzes data in real-time.
The Audit Workbench allows us to analyze and see if things are okay on our end, giving us the option to manipulate the rules if needed.
The intelligence behind the static code analysis is really amazing. When we used to do code reviews, we did not get that level of depth in terms of identifying security concerns.
The user interface is really simple to use.
What needs improvement?
There are a couple of vulnerabilities not covered by the solution, and we are working on how we can improve on these things. An example of this is when we have a static value that is stored in a database. We need to use a workaround when a value is not exposed directly to the code base, where we check that code dynamically.
The workbench is a little bit complex when you first start using it.
For how long have I used the solution?
I have been using Fortify Application Defender for around three months.
What do I think about the stability of the solution?
We are satisfied with the stability.
What do I think about the scalability of the solution?
This is a scalable solution. To this point, we have had no trouble with scalability.
How are customer service and technical support?
Technical support from Micro Focus is good.
Which solution did I use previously and why did I switch?
I have been using SonarQube for about a year and a half.
How was the initial setup?
The initial setup is straightforward, but the length of time required for deployment depends on the environment. In our development environment, we can deploy this solution in five minutes. However, in our pre-production and production environments, it takes more time because the platform needs to be more mature.
What about the implementation team?
We had our in-house team implement this solution.
What other advice do I have?
This is a great tool and the kind of support it provides is very helpful. It is easy to adopt for any technology and integrates well with any kind of small platform.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?