Micro Focus Fortify on Demand Review

Great cost benefit with good stability and reduces exposure and remediation issues

What is our primary use case?

We're implementing DevSecOps in Fortify only a part of the big picture. We are implementing the entire secure development lifecycle.

What is most valuable?

The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation.

What needs improvement?

There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes.

The initial setup is a bit complex.

We could have more detailed documentation. They could offer some quick start or some extra guidance regarding the implementation.

I'd like to see more interactive application security And more IDE integration and integration with VS Code and Eclipse. I would like to see more features of this kind.

For how long have I used the solution?

I've used this solution over the last 12 months at least.

What do I think about the stability of the solution?

The solution is stable. It's reliable. It doesn't crash or freeze. There aren't bugs or glitches.

What do I think about the scalability of the solution?

We haven't tried to scale the solution just yet. As we didn't take the SaaS solution, scalability may be limited for us. I'm unsure. I can't really comment on that.

Currently, we have about 20 people on the development team.

Right now, we don't plan to increase usage.

How are customer service and technical support?

The technical support is fine, however, it would be very helpful, especially during implementation, if there was more documentation and help surrounding setup.

Which solution did I use previously and why did I switch?

We did not use a different solution previously. Before we had this solution, we were just evaluating other solutions and looking at the costs, and trying to bring in something newer, like an integrated automated secure stack, or something like that.

How was the initial setup?

We found that the initial setup a bit complex. It's not exactly straightforward. For a newbie, there's a learning curve, and that can slow things down a bit.

Our deployment took about three to four months.

What about the implementation team?

We only deployed in our company and we didn't use a consultant or integrator. We handled it completely in-house.

What was our ROI?

At this time, I don't have an answer on the return of investment. As far as I can see, it's necessary. If we got exposed or had a data leak it would cost the company dearly. With that in mind, while I can see there's an ROI, I can't provide an exact number.

What's my experience with pricing, setup cost, and licensing?

We pay for licensing. We do pay an extra cost for implementing the infrastructure into the cloud. 

Which other solutions did I evaluate?

I've briefly looked at Kiuwan and compared it to this solution. We also looked at Veracode.

What other advice do I have?

We're just a customer and we offer consulting services.

We are bringing up all the infrastructure inside GCP. It's not ready yet, and we're still implementing it. We're going to bring it up next week, probably, in terms of the infrastructure. We'll perform the SSC installation, install the controller and sensors.

The most important thing a company needs to do is to pay attention to the license calculation. They need to know how many licenses are going to be used. They need to understand the Micro Focus offer. That way, you won't be charged if you have surpassed the application limit. This is very important. That's something we faced in the past that caused a lot of problems. We needed to estimate the sizing correctly of the infrastructure. Doing that will bring value to the builds and deployments. Otherwise, you're going to spend a lot of time doing the scanning, and the developers will be very mad.

I'd rate the solution ten out of ten. It's the best on the market for me.

Which deployment model are you using for this solution?

Public Cloud

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Micro Focus Fortify on Demand reviews from users
...who work at a Financial Services Firm
...who compared it with SonarQube
Learn what your peers think about Micro Focus Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: April 2021.
475,208 professionals have used our research since 2012.
Add a Comment
1 Comment

author avatarJason Lebrecht US (Verizon)
Top 10Real User

Hello Fernando, great to see that the Fortify solution continues to provide value by reducing risk. Great honest review.

Jason Lebrecht