Fortify on Demand Other Solutions Considered
AbbasiPoonawala
Architecture Manager at Alinma Bank
We are already decommissioning Fortify and have already implemented SonarQube. We are currently using SonarQube Enterprise.
Fortify on Demand was utilized for a considerable period. However, we have now transitioned away from Fortify on Demand. It was primarily used by our CSD team, the cybersecurity defense team at the bank.
Initially, we performed penetration testing and vulnerability assessments within the Fortify platform. However, we have since implemented a DevSecOps pipeline in partnership with Red Hat. Currently, all testing, including penetration testing and vulnerability assessments, is automated within the pipeline. The pipeline runs on Tekton, enabled on the OpenShift site.
Therefore, any tool we use, be it Fortify or SonarQube, must be integrated into that pipeline. This approach has addressed most of the pain points we faced previously. Consequently, we are satisfied with SonarQube's performance now.
Fortify on Demand only offers static analysis and lacks dynamic security testing capabilities. However, if it's integrated into the pipeline, we can incorporate another tool for dynamic security testing. This was not possible with Fortify alone.
Additionally, Fortify has limited programming language support compared to SonarQube. The recent global launch of SonarQube in the GA version expanded its support for various programming platforms, such as CSM and .NET on the Java side, among others.
In our bank, we use T24 as our core banking system, which relies on a proprietary programming language called Infobasic. SonarQube also supports this language. When we place the code into the pipeline and perform builds, including the repository, we scan the entire codebase, including Infobasic code for the banking application. In summary, SonarQube offers broader programming language support. Previously, we only scanned other business-critical applications, but now we can scan our most critical banking application, T24, using SonarQube.
reviewer2303070
Test Lead at a financial services firm with 10,001+ employees
We were considering upgrading to the enterprise level, given the need for a robust solution in the banking environment. During this evaluation, we compared Netsparker, Burp Suite, and Fortify. After conducting a proof of concept (POC) that involved testing APIs, websites, and infrastructure arrangements, we presented our analysis to management. Ultimately, Fortify was selected as the preferred choice.
Fernando Carlos
Project Manager at Everis
I've briefly looked at Kiuwan and compared it to this solution. We also looked at Veracode.
Buyer's Guide
Application Security Tools
March 2024
Find out what your peers are saying about OpenText, Sonar, Checkmarx and others in Application Security Tools. Updated: March 2024.
765,234 professionals have used our research since 2012.
Jason Lebrecht US
Sr. Manager 5G & MEC (Edge) Strategy at Verizon
I searched online and FoD allowed me the best opportunity for success due to my client’s timeline.
We carried out a POC on multiple products and Fortify came out on top.
I have evaluated other solutions, such as Contrast Security.
Prakash-Rao
Vice President - Solution Architecture at a financial services firm with 10,001+ employees
We are currently using WebInspect but it does not satisfy all of our requirements. We are continuing to research other tools from other vendors, including open-source technologies. We have not fully decided yet. Before deciding on any product or vendor, we have to look at the whole cost of procuring the product license, as well as the recurring cost.
Jonathas De Morais
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees
We looked at Checkmarx and SonarQube Enterprise. As I said, we are currently using SonarQube for other apps, but we use the open-source version. We tried to use the Enterprise version but it didn't cover all the aspects that we needed it to cover.
Before choosing this product, we evaluated Veracode and Checkmarx (among licensed), and FindBugs and Yasca (among free).
I'm also evaluating Black Duck and Snyk. I just have a demo – a POC.
reviewer1263261
Sr. Enterprise Architect at a financial services firm with 5,001-10,000 employees
We did not evaluate other vendors beyond the solutions that we are using.
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
I am already using other software. We wanted to try it and it works like a charm.
While I did evaluate others, it depends on the budget.
We considered SonarQube, MSFox, and CodeInspect.
reviewer1050960
CISO at a retailer with 1,001-5,000 employees
I don't remember if we evaluated anybody else. I think Fortify was recommended through a consultant. Some years ago, there were not so many vendors at the time playing in this arena. There are not so many today for static analysis, but I don't think that we really evaluated any others.
We evaluated IBM and Veracode.
Nixon B
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Currently, Checkmarx offers us a graphically, revised run.
It’s a tool used at the enterprise level; hence, I did not have a chance to explore other options.
We were using many other tools like TechAbility, IBM AppScan and I think these were the predominant ones.
Mamta Jha
Co-Founder at TechScalable
We didn't evaluate any other solution. I was trying to find out which solution I should use, and I just saw good reviews of this solution. This was the first solution that we tried out, and we liked it. We started with a trial, and it was doing well. Our necessities were met, so we didn't try to figure out any other competitive tool in the market.
Ives Laaf
Head of Compliance & Quality / CISO at a tech services company with 51-200 employees
We evaluated Veracode before choosing this solution.
I'm very familiar with IBM and Barracuda and others. I always know HP's competition, but I feel most comfortable with HP.