We just raised a $30M Series A: Read our story
2018-08-14T07:42:00Z

What advice do you have for others considering Micro Focus Fortify on Demand?

9

If you were talking to someone whose organization is considering Micro Focus Fortify on Demand, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
1919 Answers

author avatar
Top 5LeaderboardReal User

Micro Focus Fortify on Demand is a nice tool for security tests because security is important in today's world. DevOps is not the only solution we have to think of, there is DevSecOps. Fortify is helping us to scan our code at the very beginning of SDLC. I would recommend this solution to any other security tool because when we compared other tools Fortify worked well for us. I rate Micro Focus Fortify on Demand a seven out of ten.

2021-09-08T21:04:13Z
author avatar
Top 5LeaderboardReal User

If somebody wants to shift left or integrate security early on in the CI/CD pipeline from a DevOps standpoint, this is probably one of the best tools available. I would rate Micro Focus Fortify on Demand a nine out of 10. There are three areas for improvement. Once they improve it in those areas, then it would be 10 out of 10.

2021-08-06T18:53:57Z
author avatar
Top 20Real User

I rate Micro Focus Fortify on Demand a six out of ten.

2021-07-10T18:50:15Z
author avatar
Top 20Real User

If you are looking for commercial tools, Micro Focus Fortify on Demand is one of the best tools. It has all the features compared to those of its competitors. It is also within budget, if you're really focusing on security. I would rate it at eight on a scale from one to ten.

2021-05-08T09:55:10Z
author avatar
Top 20Real User

We're just a customer and we offer consulting services. We are bringing up all the infrastructure inside GCP. It's not ready yet, and we're still implementing it. We're going to bring it up next week, probably, in terms of the infrastructure. We'll perform the SSC installation, install the controller and sensors. The most important thing a company needs to do is to pay attention to the license calculation. They need to know how many licenses are going to be used. They need to understand the Micro Focus offer. That way, you won't be charged if you have surpassed the application limit. This is very important. That's something we faced in the past that caused a lot of problems. We needed to estimate the sizing correctly of the infrastructure. Doing that will bring value to the builds and deployments. Otherwise, you're going to spend a lot of time doing the scanning, and the developers will be very mad. I'd rate the solution ten out of ten. It's the best on the market for me.

2021-01-28T11:51:51Z
author avatar
Top 20Real User

For us, Fortify on Demand is a good quality product that I can recommend for a few reasons, including: * Very useful source code review and vulnerability detection. * Clear and easy-to-read test results and reports. * Good integration with other platforms during development. I would rate Fortify on Demand a nine out of ten.

2020-12-16T07:23:00Z
author avatar
Top 20Real User

We plan to keep using this solution. Every year, we seem to have more and more code, and they add more and more features such as third-party library assessments, etc. Open source has become a big thing as companies try and save money, but with open source comes additional risk. This solution helps us mitigate the risk of those open-source components. So, we're using this more and more as we move forward. The important part of this is automation. There are lots of automation options for this tool. Initially, trying to do it manually was a great start, but we kind of got lost a little bit along the way of implementing it. We should have done more automation right from the beginning, made it our standard, and created the policies. Sometimes, you put the cart before the horse. The tool does a great job, and you get lost in the results. It does provide good results and good information, but I think it's very important to have those policies and procedures in place right up front with this product. It will save you a lot of time in the end. The biggest lesson that I have learned from using this product is that even if you have the best people, there are always vulnerabilities and things that will surprise you. I would rate Micro Focus Fortify on Demand a nine out of ten.

2020-12-06T06:23:06Z
author avatar
Top 5LeaderboardReal User

On a scale from one to ten, I'll give it an eight.

2020-11-30T16:58:55Z
author avatar
Top 20Real User

It is a great solution. It is cost-effective for a secure development process. If an enterprise wants to adopt the DevOps process, Micro Focus Fortify on Demand is a great starting point. I would rate Micro Focus Fortify on Demand a nine out of ten.

2020-10-30T08:22:22Z
author avatar
Top 20Real User

You can choose this product for sure with a lot of confidence. It entirely depends on how you are exploring the stuff and trying to integrate it. Designing has to be good. It has all the features, but exploring the features and using it as per your need is important. It is not that features are not there. You just need to explore them and know how to use them. I would rate Micro Focus Fortify on Demand an eight out of ten. It is a good product. However, it needs improvements from the security aspect and from the aspect of integrations with other popular tools in the market.

2020-10-07T07:04:39Z
author avatar
Top 20Real User

Before using it, evaluate other possibilities because it's quite expensive if you don't have the need to use it. For example, replace it with SonarQube or another competitor's tool that may not do quite the same thing, but it is enough for what you want for your objectives. It could be a cheaper way to get to those goals. I would rate Micro Focus Fortify on Demand a seven out of ten. Improvement in pricing would be the biggest thing that would improve the scoring.

2020-08-23T08:17:00Z
author avatar
Real User

My advice to anybody who is considering this solution is to first get buy-in from the entire organization about adopting a culture of Security by design. Fortify on Demand can scan your code, but you need to have plans in place for what needs to be done when problems are identified. It may mean that things will have to change with regards to how code is being written. It may also require integration with other platforms. You can't just start scanning without first understanding what the security architecture is. You need to understand the vulnerabilities and all of the standards, as well. Essentially, I would recommend a security design overhaul. I would rate this solution an eight out of ten.

2020-01-12T12:03:00Z
author avatar
Real User

Fortify on Demand is a product that I recommend but the suitability of this solution depends on exactly what the requirements are. Every product has a unique feature as well as limitations with respect to what it can and can not do. What it comes down to is how the application is built, as well as the technology stack. The licensing costs are also something that needs to be considered. Overall, it is a very good tool and it works well for what it is designed for. I would rate this solution a seven out of ten.

2020-01-12T12:02:00Z
author avatar
Top 20Reseller

I would definitely recommend Micro Focus Fortify any day for clients who are looking for a good security solution. On a scale from one to ten where one is the worst and ten is the best, I would rate Micro Focus Fortify on Demand as a nine out of ten.

2020-01-07T06:27:00Z
author avatar
Real User

We use the cloud deployment model of the solution. Whether or not you decide to implement the solution depends on the use case. It depends on if the user has a big application or multiple lines of code which need to be scanned. New users need to do POC so they can investigate if this tool fits in their company or their enterprise before they begin implementation. Everyone should do a comparison before implementing or doing the rollout of any security tool. I would rate the solution seven out of ten.

2019-08-19T05:47:00Z
author avatar
Real User

This solution works, so I suggest using it. I would rate this solution an eight out of ten.

2019-06-11T11:10:00Z
author avatar
Top 10Real User

I would advise others not to use Fortify, but rather get something like Veracode or Checkmarx. The most important thing is not the functionality of the product. The most important thing is the knowledge, support, and availability of the team of security specialists as a vendor, that you have somebody to work with and talk to. Everybody's website is different, and if you try to use the product out of the box the way they built it and you have nobody to talk to to figure out how to tweak your application or the product to reduce the noise and the false positives, it becomes literally useless. So I would not advise anybody to go to Fortify based on the fact that they really don't have a very forthcoming support team and availability. Could be the other options would provide professional services, but that's not the point. The point is that if you want to pick up the phone and send them an email, open a ticket saying that, "This is a false positive," somebody should get back to you. So I don't think that Fortify's a viable option still these days based on the fact of where they sit and how they operate. I would rate the product a four out of ten. It works. The reason why I give it a four is because of the limitations of the product to understand the dynamics of our website and the number of things that are not working smoothly due to the fact that our website is complex.

2019-05-15T05:16:00Z
author avatar
Consultant

Today's security has become so complex that you cannot lean completely dependent on one tool. What I have learned is that you should have multiple tools. Now, with different areas coming into space, all of these tools have to co-exist. To make the right choice of a tool is really important. A solution must have ease-of-use. If it becomes too difficult for installing, configuring, learning the scan, then the add option becomes a challenge.

2018-10-28T09:33:00Z
author avatar
Real User

Understand what you want to get out of it and be sure to fully understand what you will be paying per scan if you go for the subscription model. As I said, having to scan hundreds or thousands of apps using that subscription model and doing that several times a week, or several times a day, may increase your costs. That might be something that you need to look at. I rate it at nine out of 10. It's not a 10 because of the cost model, it's a bit pricey, and the slowness, it could be a little bit faster. I understand the reasons why but you just need to be aware before you start using it that the local scan won't be as fast as the static code scan.

2018-08-14T07:42:00Z
Learn what your peers think about Micro Focus Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,721 professionals have used our research since 2012.