We performed a comparison between Fortify on Demand and Polyspace Code Prover based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"Fortify on Demand can be scaled very easily."
"Audit workbench: for on-the-fly defect auditing."
"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"When we work on safety modules, it is mandatory to fulfill ISO 26262 compliance. Using Prover helps fulfill the standard on top of many other quality checks, like division by zero, data type casts, and null pointer dereferences."
"The outputs are very reliable."
"The product detects memory corruptions."
"Polyspace Code Prover is a very user-friendly tool."
"Polyspace Code Prover has made me realize it differs from other static code analysis tools because it runs the code. So it's quite distinct in that aspect."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"There are many false positives identified by the solution."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"We have some stability issues, but they are minimal."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"The tool has some stability issues."
"Automation could be a challenge."
"I'd like the data to be taken from any format."
"Using Code Prover on large applications crashes sometimes."
"One of the main disadvantages is the time it takes to initiate the first run."
Fortify on Demand is ranked 11th in Application Security Tools with 55 reviews while Polyspace Code Prover is ranked 23rd in Application Security Tools with 5 reviews. Fortify on Demand is rated 8.0, while Polyspace Code Prover is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Polyspace Code Prover writes "A stable solution for developing software components". Fortify on Demand is most compared with SonarQube, Checkmarx, Veracode, Coverity and Fortify WebInspect, whereas Polyspace Code Prover is most compared with SonarQube, Coverity, Klocwork, CodeSonar and Checkmarx. See our Fortify on Demand vs. Polyspace Code Prover report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.