Fortify Application Defender Alternatives and Competitors

Get our free report covering SonarSource, Synopsys, Checkmarx, and other competitors of Fortify Application Defender. Updated: January 2021.
455,536 professionals have used our research since 2012.

Read reviews of Fortify Application Defender alternatives and competitors

reviewer1428837
Security Consultant at a tech services company with 11-50 employees
Consultant
Oct 1, 2020
Straightforward to install and reports few false positives, but it should be easier to specify your own validation and sanitation routines

What is our primary use case?

I am a consultant and I work to bring solutions to different companies. Static code analysis is one of the things that I assist people with, and Coverity is one of the tools that I use for doing that. I worked with Coverity when doing a couple of different PoCs. For these, I get a few different teams of developers together and we want to decide what makes the most sense for each team as far as scanning technologies. So, part of that is what languages are supported, part of that is how extensible it is, and part of that extensibility is do the developers have time to actually create custom…

Pros and Cons

  • "The most valuable feature is that there were not a whole lot of false positives, at least on the codebases that I looked at."
  • "It should be easier to specify your own validation routines and sanitation routines."

What other advice do I have?

My advice for anybody who is considering this product is to first look around your organization to see if it has already been implemented in another group. If you're a big organization then Coverity or a similar tool may already be in use. In cases like this, I would say that it is best to adopt the same tool because your organization has already gone down that path and there are no huge differences in the capabilities of these tools. Some of them do it in different ways and some do things that others don't, but you won't have the initial bump of the learning curve and you can leverage their…

Yash Brahmani
Devops Engineer at a financial services firm with 10,001+ employees
Real User
Jul 26, 2020
Security hotspot feature identifies where your code is prone to have security issues

What is our primary use case?

We use it to check the code quality, and the code review to find out the vulnerabilities about the central codes like simplifications and codes. We also use it for security management.

Pros and Cons

  • "The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
  • "In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and it would benefit the users as well. For every full request, they should be able to see their bugs or vulnerability directly on the surface."

What other advice do I have?

Awareness about how to use the product is important. It's a very good product for developers because it gives you timely notifications about where the tool has gone wrong or what could go wrong in the future. That's popular for developers. It's very good for the stats about the product for architects. The metrics are how the budgeting should be done et cetera. These are the things that they can find out from the dashboard based on the lines of codes. In the next release, I would like to have notifications because now, it is a bit difficult. I think that's a feature which we could add there and…

reviewer1467588
Owner/ Consultant at a tech services company with 1-10 employees
Consultant
Dec 9, 2020
Offers many support languages, scans in a decent amount of time and is easy to set up

What is our primary use case?

We primarily use the solution for static analysis.

Pros and Cons

  • "There's extensive functionality with custom rules and a custom knowledge base."
  • "The solution often has a high number of false positives. It's an aspect they really need to improve upon."

What other advice do I have?

I worked with the solution at a previous company. Now I am a consultant and I no longer work with the product. I don't have a business relationship with HCL. I wanted to do a POC with the current state of what was IBM AppScan and now is HCL. I contacted my contacts at IBM and then they started off the conversation and it went smoothly because a number of people from IBM had gone over to HCL when that product was acquired. Various tools have their strengths. I would advise anyone who is interested in using a similar solution to do a proof of concept first with a few options. Try Checkmarx…