The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira. When a vulnerability is found then it is classified as a bug and sent to IT.
What needs improvement?
This solution would be improved if the code-quality perspective were added to it, on top of the security aspect. It would rate performance and other things. This is one of the reasons that people are interested in SonarQube. This would make… more »
Which solution did I use previously and why did I switch?
We also use WebInspect, SonarQube, and other security tools in addition to this solution. The use of particular tools depends on the project and the project manager that I speak with. Prior to working with Fortify on Demand, we worked using… more »
What other advice do I have?
My advice to anybody who is considering this solution is to first get buy-in from the entire organization about adopting a culture of Security by design. Fortify on Demand can scan your code, but you need to have plans in place for what… more »
Which other solutions did I evaluate?
We did not evaluate other vendors beyond the solutions that we are using.