Micro Focus Fortify on Demand Pros and Cons
Micro Focus Fortify on Demand Pros
The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it.
The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira.
One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed.
I do not remember any issues with stability.
The licensing was good.
The installation was easy.
Fortify on Demand is easy to use and the reporting is good.
This product is a top-notch solution and the technology is the best on the market.
It's a cloud-based solution, so there was no installation involved.
It improves future security scans.
Fortify helps us to stay updated with the newest languages and versions coming out.
The static code analyzers are the most valuable features of this solution.
It has saved us a lot of time as we focus primarily on programming rather than tool operational work.
Micro Focus Fortify on Demand Cons
Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse.
This solution would be improved if the code-quality perspective were added to it, on top of the security aspect.
It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers.
If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time.
There were some regulated compliances, which were not there.
The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood.
The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to is.
The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed.
Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues.
We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days.
The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment.
It lacks some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt.