23 OpenText Fortify Static Code Analyzer Reviews
Fortify is an excellent code analyzer. Its plugins are handy as compared to other solutions. It can quickly and accurately identify errors. We can efficiently address critical errors and warnings. It can scan the code in real time. Fortify Static Code Analyzer is handy for CI/CD programs. We can resolve the issues quickly at the development level. It is efficient and time-saving also. It can be easily integrated with Android Studio, Visual Studio, IntelliJ, etc. Fortify Static Code Analyzer notifies us on time if there are any security leaks. All the features are very beneficial once you know their proper functionalities. Review collected by and hosted on G2.com.
The price of Fortify Static Code Analyzer is a bit high. Also, sometimes we can face troubleshooting issues. Other functionalities can also be improved to make it more handy and easy to use.
Fortify has been the first choice for doing secure (static) code analysis for many years because
1. Languages support - it supports both legacy and modern development languages.
2. Deployment Model - on-prem, cloud, Security as a service (FOD)
3. Technical support - Fortify not only helps the new onboarded customers with detailed documentation but also provides good trainings.
There is a native issue of false positives with all the SCA tools, which somehow decreases the value and increases the turnaround time for finding the exact true positives.
Friendly and Efficient Integrations - IntelliJ, VS, Android Studio, etc. Organized Dashboard and their absolutely wonderful reporting platform. It really helped us achieve our compliance goals!
Fortify should develop a DAST setup as well; this would really marginalize our input and time efficiency.
Exact pinpointing of issues in code and suggestions to fix them.
A bit costly, and also a bit difficult to set up initially.
It shows how to fix the vulnerable code.
I did not find the automatic way to create the projects.
Ease of using, deployment in CI/CD & the custom ruleset/report creation.
Heavily depends on JRE configs, which makes compiling & running slower.
Wide range of programming language support, Ability to generate FPR files from CICD pipelines, Externalization of scans into another server for performance reasons.
Slow at times to complete on a large number of files in heavy software.
I like Fortify to scan source code deeply. It will compile the code and find the vulnerabilities. No other tools compile the code for the scan. The most important thing is the result. It will find all critical issues.
Sometimes it will show more duplicate issues. The developer should work on this and resolve it.
It is an on-prem solution and is compatible with most of the commonly used languages. It can get the scan results verified by an audit assistant that will further reduce the false positives. Very easy to install and can be deployed over Windows or Linux machines. SSC module can be utilized for better reporting and tracking. Furthermore, it can be integrated with CI/CD pipelines for automated assessments.
Reporting can be more intelligent, and false positives are a little on the higher side.
The ease of use and an intuitive UI makes using the Fortify Static Code Analyzer quite easy for people who are new to it. A topic as complex as Security becomes manageable as the tool provides detailed reports on what the vulnerabilities are with their severity level and quite an extensive description of what is causing the vulnerability and recommendations to fix it. This makes life for the developers who might be new to Security.
Some newer language syntax of certain languages like Java 8+ might not be understood by Fortify, which leads to false positives. Also, certain non-fixable vulnerabilities for which exceptions were provided would pop back up once in a while, which is a bit annoying.