We performed a comparison between Micro Focus Fortify on Demand and Veracode based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.
Comparison Results: Veracode nudges ahead of Micro Focus Fortify on Demand in this comparison. Veracode users feel the solution enables them to analyze every security flaw, discrepancy, and vulnerability, and feel the reporting is very concise. Micro Focus can be very taxing on resources and can potentially slow processes down considerably.
"The SAST feature is the most valuable."
"The licensing was good."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"Fortify on Demand is easy to use and the reporting is good."
"It improves future security scans."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The UI is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"We use it to get our scan results and see where our software is vulnerable or not vulnerable."
"Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, 'This function/method has security vulnerabilities,' then suggests alternatives to fix it. Then, we adopt the tool's suggestions. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code, the tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability."
"The one thing we really liked about Veracode when we got it was the consultation calls; that our developers are able to schedule them on their own, instead of going to a 'gatekeeper.' They upload their code, they have questions, they schedule it, they speak with someone on the other side who is an expert, they can speak developer-to-developer."
"One thing that I like about Veracode is that it is quite a good tool for dynamic application testing."
"Our development team use this solution for static code analysis and pen testing."
"The product’s policy reporting for ensuring compliance with industry standards and regulations is great."
"There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode."
"I like Veracode's ease of integration and onboarding. You can quickly and easily get started with a new project or application. That's one area where Veracode shines relative to other tools we've evaluated. Other tools need more work or an engineer to do the setup. With Veracode, you can do the onboarding in a few steps quickly."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work; we have to use a Windows Agent. This is something they could improve."
"There are many false positives identified by the solution."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"We have some stability issues, but they are minimal."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"They could provide features for artificial intelligence similar to other vendors."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"The documentation is poor and the technical support isn't helpful."
"It could be improved with support for more programming languages, like SQL."
"Scanning large amounts of code can be a time-consuming process and there is scope for improvement."
"I would like Veracode to add more language support."
"Software developers are always thinking about the next big thing but lose sight of what's happening right now. If you have an idea for a feature request, you must submit it to be voted on by the Veracode community. I don't like this. No one will look at it unless enough people vote for it."
"Raw file scans and dynamic scans would be an improvement, instead of dealing with code binaries."
"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while Veracode is ranked 2nd in Application Security Tools with 193 reviews. Fortify on Demand is rated 8.0, while Veracode is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Fortify on Demand is most compared with SonarQube, Checkmarx One, Coverity, Fortify WebInspect and OWASP Zap, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, OWASP Zap and Fortify Static Code Analyzer. See our Fortify on Demand vs. Veracode report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.