We performed a comparison between Checkmarx and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. All categories received similar ratings except that Checkmarx got better rewviews on deployment and support.
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The solution allows us to create custom rules for code checks."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The value you can get out of the speedy production may be worth the price tag."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"It helps deploy and track changes easily as per time-to-time market upgrades."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"Being able to reduce risk overall is a very valuable feature for us."
"The quality of application security testing reduces risk and gives very few false positives."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"The solution is very fast."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"Micro-services need to be included in the next release."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"I would like to see the tool’s pricing improved."
"Meta data is always needed."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"Checkmarx is not good because it has too many false positive issues."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"I would like to see the rate of false positives reduced."
"Takes up a lot of resources which can slow things down."
"They have very good support, but there is always room for improvement."
"Reporting could be improved."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"They could provide features for artificial intelligence similar to other vendors."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews. Checkmarx One is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Checkmarx One is most compared with SonarQube, Veracode, Snyk, Coverity and Mend.io, whereas Fortify on Demand is most compared with SonarQube, Veracode, Coverity, Fortify WebInspect and Snyk. See our Checkmarx One vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.