We performed a comparison between Fortify on Demand and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The SAST feature is the most valuable."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The licensing was good."
"We have the option to test applications with or without credentials."
"It has improved our vulnerability rating and reduced our vulnerabilities through the tool during the time that we've had it. It's definitely made us more aware, as we have removed scoping for existing vulnerabilities and platforms since we rolled it out up until now."
"The most valuable feature of Snyk is the software composition analysis."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"I think all the standard features are quite useful when it comes to software component scanning, but I also like the new features they're coming out with, such as container scanning, secrets scanning, and static analysis with SAST."
"The most valuable feature of Snyk is the SBOM."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"What is valuable about Snyk is its simplicity."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"There is room for improvement in the integration process."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"The tool's initial use is complex."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"Basically the licensing costs are a little bit expensive."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."
"We use Bamboo for CI.CD, and we had problems integrating Snyk with it. Ultimately, we got the two solutions to work together, but it was difficult."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. Fortify on Demand is rated 8.0, while Snyk is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and OWASP Zap, whereas Snyk is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, Veracode and Coverity. See our Fortify on Demand vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.