We just raised a $30M Series A: Read our story
Mamta Jha
Co-Founder at TechScalable
Real User
Top 20
A feature-rich solution for simplified designing and architecting

Pros and Cons

  • "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
  • "In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."

What is our primary use case?

We are architecting applications for e-commerce websites similar to Amazon. Everything is running on the cloud, and Micro Focus Fortify on Demand is totally integrated with our solution at this point in time.

What is most valuable?

Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices.

Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much.

What needs improvement?

In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication.

They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful.

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the stability of the solution?

We have not come across anything major. We have been using it for quite a while, and we are happy with it. 

What do I think about the scalability of the solution?

Scalability is good. Our customer bases are not that huge. Bigger enterprises may have trouble in scaling it, but for our load of work, it is working fine.

We have more than ten users. We are a very small startup, and we don't have too many people. 

How are customer service and technical support?

Till now, we have not raised any tickets. If we are stuck with something, we just google and find out. We use their documentation, which is good enough. That's why we didn't raise any technical queries or things like that.

How was the initial setup?

It was good. I don't think we struggled that much.

What about the implementation team?

We implemented it ourselves. We have two people to maintain this solution.

Which other solutions did I evaluate?

We didn't evaluate any other solution. I was trying to find out which solution should I use, and I just saw good reviews of this solution. This was the first solution that we tried out, and we liked it. We started with a trial, and it was doing good. Our necessities were met, so we didn't try to figure out any other competitive tool in the market. 

What other advice do I have?

You can choose this product for sure with a lot of confidence. It entirely depends on how you are exploring the stuff and trying to integrate it. Designing has to be good. It has all the features, but exploring the features and using it as per your need is important. It is not that features are not there. You just need to explore them and know how to use them. 

I would rate Micro Focus Fortify on Demand an eight out of ten. It is a good product. However, it needs improvements from the security aspect and from the aspect of integrations with other popular tools in the market.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AP
Project Analyst at a financial services firm with 1,001-5,000 employees
Real User
Top 20
A cost-effective and intuitive solution for checking vulnerabilities during the development process

Pros and Cons

  • "The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
  • "It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."

What is our primary use case?

We use it for statistical analysis for Java applications that are used in the collection process of a bank. It is also used for an internal web page. The tellers use this web page in the branches to make money transactions, such as withdrawals, deposits, etc.

What is most valuable?

The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications.

It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for.

What needs improvement?

It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. 

They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team.

For how long have I used the solution?

I have been using this solution for two or three months.

What do I think about the stability of the solution?

It has been pretty stable.

What do I think about the scalability of the solution?

It is scalable, but we haven't scaled it much. Currently, we have ten users, but it is capable of taking many more users.

How are customer service and technical support?

Their support is good, but sometimes, they take a bit longer. For high severity incidents, they should properly identify the team that has to be engaged to solve an issue. I would rate them an eight out of ten.

How was the initial setup?

The initial setup was pretty much straightforward. It was quite easy to implement. 

It is quite intuitive, and the training model that they have helps the development team in using it easily. The deployment process took only about two weeks.

In terms of the implementation strategy, it started with a kickoff meeting with the provider who offered the solution. We involved the development team, security information team, and infrastructure team from the beginning. They all knew what can be done with the solution and what role they are going to play in the implementation process, which helped a lot to achieve a pretty short implementation time.

What's my experience with pricing, setup cost, and licensing?

It is cost-effective.

What other advice do I have?

It is a great solution. It is cost-effective for a secure development process. If an enterprise wants to adopt the DevOps process, Micro Focus Fortify on Demand is a great starting point. 

I would rate Micro Focus Fortify on Demand a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Micro Focus Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,136 professionals have used our research since 2012.
JP
Production Manager for Nearshore SWaT at a computer software company with 10,001+ employees
Real User
Top 20
Stable and shows the vulnerabilities online while checking the code, but it is quite expensive

Pros and Cons

  • "The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
  • "The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."

What is our primary use case?

We use Micro Focus Fortify on Demand to check the vulnerabilities of developments that we perform.

What is most valuable?

The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them.

What needs improvement?

The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools.

For how long have I used the solution?

I have been using this product for four years. 

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. However, it poses a challenge in terms of pricing and licensing.

How are customer service and technical support?

I haven't contacted their support, but I know that a team was in touch with Fortify technical support because they do get to have a lot of questions about migrating the software, licensing, and other stuff. They contact the support quite often. I know that they get responses, not always the ones they would like, but they do get a response from them.

Which solution did I use previously and why did I switch?

I have used SonarQube but not at the same level. It has some functionalities that are related to security. It does not go as deep as Micro Focus Fortify on Demand. 

We have evaluated other tools that are competitors of Micro Focus Fortify on Demand, but we still decided to keep Micro Focus Fortify on Demand.

How was the initial setup?

I wasn't responsible for setting it up. 

What about the implementation team?

We have a team that works with the product. All development teams work with this team to accomplish the goals. Everything was set up by this team, and afterward, the development team just has to look at the reports and vulnerabilities so that they can run scans.

What's my experience with pricing, setup cost, and licensing?

It is quite expensive. Pricing and the licensing model could be improved. 

What other advice do I have?

Before using it, evaluate other possibilities because it's quite expensive if you don't have the need to use it. For example, replace it with SonarQube or another competitor's tool that may not do quite the same thing, but it is enough for what you want for your objectives. It could be a cheaper way to get to those goals.

I would rate Micro Focus Fortify on Demand a seven out of ten. Improvement in pricing would be the biggest thing that would improve the scoring.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SS
Acquisitions Leader at a healthcare company with 10,001+ employees
Real User
Top 5Leaderboard
Outstanding support, efficient API, and one of the best tools for the Shift Left approach

Pros and Cons

  • "It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
  • "It is an extremely robust, scalable, and stable solution."
  • "It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
  • "We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."

What is our primary use case?

We are using it for application security testing. We have microservices and applications within the organization, and the testing is being done on a continuous basis right through the development cycle or the development chain.

We are using its latest version. It is deployed on the cloud and on-premises.

What is most valuable?

It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support.

It is an extremely robust, scalable, and stable solution.

It enhance the quality of code all along the CI/CD pipeline from a security standpoint and enables developers to deliver secure code right from the initial stages.

What needs improvement?

It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers.

It doesn't do software composition analysis. We've asked their product management team to look into that as well.

We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access.

For how long have I used the solution?

I have been using this solution for four years.

What do I think about the stability of the solution?

It is very stable. 

What do I think about the scalability of the solution?

It is very scalable.

How are customer service and technical support?

Their tech support is absolutely outstanding. Their tech support is the most responsive tech support I've ever seen.

How was the initial setup?

It is very straightforward to set up. You can set it up in minutes.

What other advice do I have?

If somebody wants to shift left or integrate security early on in the CI/CD pipeline from a DevOps standpoint, this is probably one of the best tools available.

I would rate Micro Focus Fortify on Demand a nine out of 10. There are three areas for improvement. Once they improve it in those areas, then it would be 10 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Raghu Krishna Y
GM - Technology at a outsourcing company with 10,001+ employees
Real User
Top 20
Effective security analysis, stable, but occasional false positives

Pros and Cons

  • "The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
  • "We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."

What is our primary use case?

We have an application sending service that we are providing to our customers and we are using Micro Focus Fortify on Demand to ensure our applications are secure. 

What is most valuable?

The most valuable features are the server, scanning, and it has helped identify issues with the security analysis.

What needs improvement?

We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve.

We are receiving false positives. We then have to repeat the scan even though it is a false positive and tell it to ignore some of those issues. Some of the false positives could be a design issue which we will know, but they keep coming up on the report.

I have found the processes a bit cumbersome for the developers.

For how long have I used the solution?

I have been using this solution for approximately eight years.

What do I think about the stability of the solution?

I did not have any problems with the stability of this solution.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and technical support?

We did have some issues but we did not contact the technical support of Micro Focus.

How was the initial setup?

The initial setup was a medium effort, not too complex. However, the bulk scan uploads took time. Overall it took an average amount of time and it was easy to integrate and work with.

What's my experience with pricing, setup cost, and licensing?

The solution is a little expensive.

What other advice do I have?

I rate Micro Focus Fortify on Demand a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Dheeraj G
Information Security Engineer at a comms service provider with 501-1,000 employees
Real User
Top 20
Provides a lower number of false positives and is reliable and easy to use

Pros and Cons

  • "The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
  • "Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."

What is our primary use case?

We use it for normal, daily source code reviews and code analysis.

What is most valuable?

The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives.

It is easy to install, and the cost is fair.

What needs improvement?

I would like to see easier integration to CI/CD pipelines. The reporting format could be more user friendly so that it is easy to read.

For how long have I used the solution?

I've been working with Micro Focus Fortify on Demand for three years.

What do I think about the stability of the solution?

There were some issues with it before, but I think they have been fixed now.

What do I think about the scalability of the solution?

There were several limitations when I was using it before, but I am sure that they have been fixed by now.

How are customer service and technical support?

My experience with technical support has been very good.

How was the initial setup?

The initial setup is straightforward and not that complex. We had some support from IT.

What's my experience with pricing, setup cost, and licensing?

The price is fair compared to that of other solutions.

What other advice do I have?

If you are looking for commercial tools, Micro Focus Fortify on Demand is one of the best tools. It has all the features compared to those of its competitors. It is also within budget, if you're really focusing on security.

I would rate it at eight on a scale from one to ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
OO
Information Security Manager at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
Easy to set up, stable and scalable

What is our primary use case?

We use Micro Focus Fortify on Demand to access web applications and more.

What needs improvement?

Reporting could be improved. It would nice to export to an Excel sheet or another spreadsheet. At the moment, my only option is a PDF. Micro Focus Fortify on Demand is tailored towards more web application APIs, and I would like to see mobile applications added to the next release.

For how long have I used the solution?

We've been using Micro Focus Fortify on Demand for almost two years.

What do I think about the stability of the solution?

Focus Fortify on Demand is a stable solution.

What do I think about the scalability of the solution?

Focus Fortify on Demand is a scalable solution. 

How was the initial setup?

The setup and installation…

What is our primary use case?

We use Micro Focus Fortify on Demand to access web applications and more.

What needs improvement?

Reporting could be improved. It would nice to export to an Excel sheet or another spreadsheet. At the moment, my only option is a PDF.

Micro Focus Fortify on Demand is tailored towards more web application APIs, and I would like to see mobile applications added to the next release.

For how long have I used the solution?

We've been using Micro Focus Fortify on Demand for almost two years.

What do I think about the stability of the solution?

Focus Fortify on Demand is a stable solution.

What do I think about the scalability of the solution?

Focus Fortify on Demand is a scalable solution. 

How was the initial setup?

The setup and installation were straightforward. 

What other advice do I have?

On a scale from one to ten, I'll give it an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Micro Focus Fortify on Demand Report and get advice and tips from experienced pros sharing their opinions.