We performed a comparison between Fortify on Demand and SonarCloud based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The vulnerability detection and scanning are awesome features."
"The SAST feature is the most valuable."
"The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"The installation was easy."
"The most valuable feature of SonarCloud is its overall performance."
"The reports from SonarCloud are very good."
"I'm not implementing the solutions. However, I've talked to the people who deploy the tools, and they are happy with how easy setting up SonarCloud is."
"Its dashboard provides a unified view of various code quality metrics, including code duplication, unit test coverage, and security hotspots."
"SonarCloud is overall a good tool for identifying code smells, bugs, and code duplication, but we've found that using Android Lint is more effective for our needs."
"The most valuable features of SonarCloud are the ability to discover vulnerabilities, security weak points, security hotspots, and all the feedback that comes into the feature branch. You can deploy the code with the security, you can eliminate the problem at the developer level rather than identifying the problem in the productions."
"The solution can be installed locally."
"Recently, they introduced support for mono reports and microservices, which is a noteworthy development as it provides a more detailed view of each service."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"SonarCloud can improve the false positives. Sometimes the gates sometimes act a little weird. We then need to manually go and mark the false positive."
"The documentation needs improvement on optimizing build time for seamless CI/CD integration with our Android apps."
"There's room for improvement in the configuration process, particularly during the initial setup phase."
"We had some issues with the scanner."
"The solution needs to improve its customization and flexibility."
"I've been told by the developers that the solution is too limited. It's not testing enough within the containers."
"CI/CD pipeline is part of a whole chain of design, development, and production, and it's becoming increasingly crucial to optimize the various tools across different stages. However, it's still a silo approach because the full integration is missing. This isn't just an issue with SonarCloud. It's a general problem with tooling."
"It would be helpful if notifications could go out to an extra person."
Fortify on Demand is ranked 9th in Application Security Testing (AST) with 56 reviews while SonarCloud is ranked 10th in Application Security Testing (AST) with 10 reviews. Fortify on Demand is rated 8.0, while SonarCloud is rated 8.4. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of SonarCloud writes "Beneficial vulnerability discovery, simple to maintain, and proactive support". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and Fortify WebInspect, whereas SonarCloud is most compared with SonarQube, Veracode, Checkmarx One, OWASP Zap and GitHub Code Scanning. See our Fortify on Demand vs. SonarCloud report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.