The solution was implemented prior to my joining the company so I have no information regarding the initial setup. 

I am the architecture manager, and my team evaluated and onboarded Fortify based on reviews and evaluations from GQ, Peerspot, Gartner, and even Forrester.

During the setup process, we had concerns regarding the cost. From the CSD perspective, Fortify was not very cost-friendly. The CSD has a separate budget and reports directly to the CEO and CIO. We had to consider our budget limitations because we have been leveraging Fortify since the bank's inception in 2008. Although we have utilized it extensively, the cost appeared higher compared to SonarQube. Hence, we decided to go with SonarQube. However, I must say that Fortify offered a lot of value.

It was quite manageable to maintain. We have a dedicated team that supports Fortify in production. So, it was quite manageable. 

The initial setup is complicated. It takes around four to five hours to complete, including installation and scanning. I rate the process a seven out of ten.

The initial setup was simple.

The product itself is easy to set up, but establishing the necessary culture and structure is a bit complex. We need to develop a culture and create sub-teams within the teams. Each team needs a security coordinator who can relate what new things are coming in, such as CVEs or new scans that need to be done.

For maintenance, we have a team of two product owners who are heavily involved with the product itself. We have around three or four people with a good understanding of deploying and maintaining the solution.

The initial setup was not straightforward because I had the ALM.net, not the .com version, and Fortify on Demand was configured to be integrated with ALM.com, not with ALM.net. This caused me some issues with the integration. When I scanned and identified the defects, these were not automatically raised in ALM, which was a major problem for me. I understood that they needed to do some development in order to make it work with ALM.net. The deployment took no more than one business day.

The initial setup of this solution on-premises is easy; however, we have had difficulties installing it online in our clients' environments.

We found that the initial setup a bit complex. It's not exactly straightforward. For a newbie, there's a learning curve, and that can slow things down a bit.

Our deployment took about three to four months.

Super easy deployment and usage of the scanning capabilities. The setup was straightforward, and the ability to enter data and start the correct scan was intuitive.

The initial setup is moderately complex and takes a couple of hours. We have 20 users who are developers and ops staff. 

It is very straightforward to set up. You can set it up in minutes.

My understanding is the this is not a difficult solution to manage and maintain.

The initial setup was straightforward. We had onsite training from HPE to help set up the local environment and first scans, and that was helpful.

The initial setup is straightforward. 

The installation can take a couple of hours depending on what the deployment is, such as, on cloud or on-premise. Additionally, the size of the code that will be put on the system can impact the time, but it does not take long. 

The initial setup was a medium effort, not too complex. However, the bulk scan uploads took time. Overall it took an average amount of time and it was easy to integrate and work with.

The setup is easy and it only takes about 30 minutes to perform a basic code review in Java when dealing with WAR files.

It can get more complicated when you want to fine-tune the reporting interface to give only the details that you want to see. This is because the initial configuration depends on other variables like the scope of the review, the client's preferences, the technician's preferences, and other factors.

When it comes to launching Fortify on Demand and connecting it to our codebase, it's quite easy. Getting quick reviews done on WAR files is a relatively simple procedure.

Initial setup is quite easy.

It was straightforward. It took us two or three months because we had to integrate with our DevOps and pipeline solutions. It took a bit of extra time.

In terms of maintenance, we need to update the version. Micro Focus releases new versions every two months or so.

The implementation process was complex. The documentation was not clear to me.

The initial setup of Micro Focus Fortify on Demand was simple. The deployment took approximately three or four days.

I give the initial setup a nine out of ten. The deployment took a few hours and required one person to implement.

As compared to the other tools that I've worked with, it is probably in the middle range. It is definitely not the simplest one where you just run the installation, and it will be all done, but you also don't tend to run into too many problems that aren't easy to figure out during the install process. If you go from lowest to highest complexity, it would be right in the middle.

The initial setup was quite simple.

I performed the deployment a couple of times on different platforms and it did not take much effort to set up. I also did the integration with other platforms like Microsoft Information Server and it was quite easy. You just need to know the platform that you are integrating into.

When it came time to deploy, I just had to run through the documentation on the vendor's web site. I spent one day reading it and one the second day, I did my integration. It took about eight hours that day, and I had challenges but they came from the platform that I was integrating into, like Microsoft Information Server. There were things to be done, such as converting XML files. The next day I was able to fix the problems, so in total it took me between nine and twelve hours to integrate it.

The second time that I deployed this solution it took me not more than two or three hours to repeat all of these same steps.

The initial setup is very simple because no installation is necessary - you just need to access the application and configure it. 

The basic scanning is not very complex. When you get into more detailed scanning such as APIs, the level of complexity is moderate. However, when you are scanning that type of application, you usually have teams available that know what to do and what the configuration needs to be. We did our first scan within two days.

We had some issue with logins and account setups, but received excellent support.

Yes. Very easy.

The initial setup is straightforward and the second or third-tier support is available whenever we face an issue or something. Most of the components are plug-and-play, so it doesn't take much time. 

Initial setup was easy and intuitive: just specify the license path and install the product.

The initial setup is straightforward and not that complex. We had some support from IT.

The initial setup was very easy and straightforward. We were able to roll out this service to all our business units.

I wasn't responsible for setting it up. 

The deployment was super easy as the interface is straightforward. It was almost too easy.

Deployment takes between four to six months.

The initial setup was pretty much straightforward. It was quite easy to implement. 

It is quite intuitive, and the training model that they have helps the development team in using it easily. The deployment process took only about two weeks.

In terms of the implementation strategy, it started with a kickoff meeting with the provider who offered the solution. We involved the development team, security information team, and infrastructure team from the beginning. They all knew what can be done with the solution and what role they are going to play in the implementation process, which helped a lot to achieve a pretty short implementation time.

Our website is complex, so the setup is also complex. By definition, we expected it to be complex, and Checkmarx should also be complex because of the culture, habits, and complexity of our custom-developed website. Our website is not an off-the-shelf product, so there's a lot of complexity that comes with it by nature. But that's okay.

The initial deployment goal was to scan every bit and byte of code on the production e-commerce site. That was the plan. We started rolling this out and then we started sending tests. We went back and forth on whether we should make it in-line automatic that we scan sales, in a way that it would not allow the code to move further, or if we should do it off to the side, such that the application development life cycle continues to run separately, while somebody is scanning it making sure we dissolve all the issues. So we tried both routes. There are benefits to each, and it's definitely safer to do it in-line. Again, the culture, habits, and technology's use mean that it is not always best to do it in-line because it could become too complicated and break too many things. So we actually switched that. There is a person that does that. It's not built into the migration system by default. Somebody is scanning it and then moves to the next one.

Setup was not complex, although given our size it was a challenge.

It's a cloud-based solution, so there was no installation involved.

I was not involved in the initial implementation.

Initial setup was complex; we ran into lot of memory issues. The Visual Studio plugin was not responsive, either.

The initial setup was pretty easy and straightforward.

I think the initial setup for the on-demand product is straightforward. The product installed on-premises is somewhat complex. For this reason, it is better that the on-premises version is installed with the help of integrators or consultants. 

It was very straightforward in comparison to other solutions that we had used in the past.

It was good. I don't think we struggled that much.

The implementation of Micro Focus Fortify on Demand was simple, since it is on the cloud everything is automatic. They give you an account and that is all, you use the product.

The premise solution is more rentable. However, it is asking for a lot of effort in the implementation, administration, and integration in the pipeline. It takes time until the company comes to the right level to be able to manage this product. Even with the right partners in Latin America that work with us, it took some time.

The initial setup is not so easy, but not so difficult. I would say it is medium difficulty.

Most of our clients use straightforward implementation; we recommend straightforward implementation because of the simplicity of the architecture and usage. For example, installing using the best practices for each product.

The initial setup of this solution is straightforward.

It took approximately two hours to deploy, and because it is a cloud-based solution it does not require anybody for maintenance.

It's not straightforward, but it's not complex either. It could also be improved.

The setup and installation were straightforward.