2019-12-12 19:48:00 UTC

What is the Biggest Difference Between Checkmarx and Fortify?


I work for a midsized software startup and I am currently evaluating Checkmarx and Fortify. 

What are the biggest differences between the two? Which would you recommend?

Thanks! I appreciate the help. 

Guest
55 Answers

User

Checkmarx SAST is a product supporting 20+ languages, including the modern ones (GoLang, Kotlin, Swift, Scala, Typescript, React). Its language support is constantly kept up with the current versions of the respective languages/frameworks (e.g. .NET Core 2.x etc.).

Unlike Fortify, Checkmarx analyses raw (uncompiled) source code, which makes it less susceptible to changes in the build environment (e.g. no dependency on the specific version of Xcode).

Finally, the Checkmarx solution is available both as an on-premise solution and as a cloud (hosted) solution with the same capabilities. Fortify on Demand (which is the cloud-only solution) is different from the on-prem one.

2019-12-17 02:59:28 UTC
User

Fewer false positives with CX than Fortify. More integrated.

2019-12-16 18:26:16 UTC
Top 5 Reseller

Looking at the Gartner report, I would say that Checkmarx is way easier to set up (initial setup) compared to Micro Focus Fortify.
Also, the financial strength of the Micro Focus Fortify spin/merger is a concern, so investments could be at risk.

2019-12-16 14:33:28 UTC
User

The major difference is that Checkmarx scans the code without compiling it. This has a great advantage, as code building issues are eliminated, scan time is much shorter, and false positives are fewer to some extent. One more major thing is that Checkmarx learns as you eliminate false positives and does not show the same issue again. We can perform incremental scans on the codebase, where the old issues are nicely marked as "Recurring" and new ones in red as NEW. Checkmarx has highly customizable filter creation, where you can create a filter that can eliminate the common recurring issues in scans. This feature is very flexible: you can write your own filters and also write specific patterns that are found in manual review, which is a great help as coding styles differ from team to team.

2019-12-16 08:07:17 UTC
Vendor

Thanks a lot. Thank you for the information.

2019-12-17 03:59:08 UTC