Micro Focus Fortify on Demand Review

It enforces source-code scanning and finding vulnerabilities in source code. It would be nice if it could manage the false positives better.


Valuable Features

It enforces source-code scanning, finding vulnerabilities in source code.

Improvements to My Organization

We're able to find vulnerabilities and weaknesses actually posting to site. We can get to these issues in our staging areas for active data and for verifying user vulnerabilities. It helps the development cycle in that we don't need other people involved in the scans. We're doing pre-scans and then getting other teams involved.

Room for Improvement

There are a lot of false positives and there's not a good way to manage them. They appear after every scan, and it would be nice to have them marked out so that we don't see them.

Deployment Issues

We've had no issues with deployment.

Stability Issues

Stability could use a little improvement as we've had some issues. It runs out of memory sometimes and uses a lot of resources. Sometimes the scans don't work.

Scalability Issues

For code scans, company size doesn't really matter so much as the size of the code. It works well with the code scans we're running. Our lines of code aren't as huge as other applications we build, and it doesn't support every type of our applications, which are primarily .NET and HPE apps.

Customer Service and Technical Support

Technical support isn't top-notch, but it's not bad. It's just average. They take a while to resolve issues.

Initial Setup

The initial setup was pretty easy and straightforward.

Other Advice

Find the solution that works best for your environment, using the group concept to try them all. Then determine which is best for you.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email