Fortify Application Defender vs SonarQube

Fortify Application Defender is ranked 27th in Application Security with 1 review vs SonarQube which is ranked 3rd in Application Security with 10 reviews. The top reviewer of Fortify Application Defender writes "Its ability to find security defects is valuable. However, support for older compilers/IDEs is lacking". The top reviewer of SonarQube writes "Code convention ensures consistency and graphing tool gives overall view of code changes over time". Fortify Application Defender is most compared with SonarQube, Coverity and Checkmarx. SonarQube is most compared with Fortify on Demand, Checkmarx and Veracode.
Cancel
You must select at least 2 products to compare!
+Add products to compare
Most Helpful Review
Find out what your peers are saying about CA Technologies, Checkmarx, SonarQube and others in Application Security.
288,343 professionals have used our research since 2012.

Quotes From Members Comparing Fortify Application Defender vs SonarQube

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros
Its ability to find security defects is valuable.

Read more »

It is very good at identifying technical debt.It easily ties into our continuous integration pipeline.With SonarQube's web interface, it is easy to drill down to see the individual problems, but also to look at the project from above and get the big picture, with possible larger problem areas.Code Convention: Using the tool to implement some sort of coding convention is really useful and ensures that the code is consistent no matter how many contributors.It's enabled us to improve software quality and help us to disseminate best practices.I follow Quality Gate's graduation model within organization, and it is extremely helpful for me to benchmark products.The customizable dashboard and ability to include results and coverage from unit test and other static analysis code tools.Issue Explanations: Documentation with detailed samples. Helps in growing technical knowledge and re-writing logic to conforming solutions.

Read more »

Cons
Support for older compilers/IDEs is lacking.

Read more »

I find it is light on the security side.An improvement is with false positives. Sometimes the tool can say there is an issue in your code but, really, you have to do things in a certain way due to external dependencies, and I think it's very hard to indicate this is the case.A better design of the interface and add some new rules.When we have a thousand products published over it, we expect it to be more efficient in terms of serving requests from the browser.Ease of use/interface.It requires advanced heuristics to recognize more complex constructs that could be disregarded as issues.There is need for support for the additional languages and ease of use in adding new rules for detecting issues.We had some issues where the Quality Gate check sometimes gets stuck and it is unclear.

Read more »

Pricing and Cost Advice
Information Not Available
The price point on SonarQube is good.The licence is standard open source licensingThis product is open source and very convenient.People can try the free licenses and later can seek buying plugins/support, etc. once they started liking it.Get the paid version which allows the customized dashboard and provides technical support.We did not purchase a license (required for C++ support), but this option was considered.This is open source.

Read more »

report
Use our free recommendation engine to learn which Application Security solutions are best for your needs.
288,343 professionals have used our research since 2012.
Ranking
RANKING
Views
347
Comparisons
313
Reviews
0
Followers
52
Avg. Rating
N/A
Views
31,072
Comparisons
22,557
Reviews
9
Followers
837
Avg. Rating
8.4
Top Comparisons
Top ComparisonsSee more Fortify Application Defender competitors »
Compared 27% of the time.
Compared 22% of the time.
Compared 20% of the time.
See more SonarQube competitors »
Also Known As
Also Known AsHPE Fortify Application Defender, Micro Focus Fortify Application DefenderSonar
Website/Video
Website/VideoMicro Focus
SonarQube
Overview
OverviewMicro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.SonarQube is the central place to manage code quality, offering visual reporting on and across projects and enabling to replay the past to follow metrics evolution
OFFER
Learn more about Fortify Application Defender
Learn more about SonarQube
Sample Customers
Sample Customers
Information Not Available
Bank of America, Siemens, Cognizant, Thales, Cisco, eBay
Top Industries
Top Industries
No Data Available
VISITORS READING REVIEWS
Financial Services Firm
23%
Retailer
8%
Energy/Utilities Company
7%
Government
6%
Company Size
Company Size
No Data Available
REVIEWERS
Small Business
21%
Midsize Enterprise
29%
Large Enterprise
50%
VISITORS READING REVIEWS
Small Business
10%
Midsize Enterprise
14%
Large Enterprise
76%
Find out what your peers are saying about CA Technologies, Checkmarx, SonarQube and others in Application Security.
Download now
288,343 professionals have used our research since 2012.
We monitor all Application Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Sign Up with Email