Likelihood to Recommend I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.
Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review SDLC deployment is simple. simple to use The coverage is thorough and complete as a DAST product.
Read full review Pros Identifies common coding vulnerabilities. Compares code to industry best practices. Assesses the code for data privacy compliance. Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review Detection of vulnerabilities Scanning pipelines Integration is super easy Scanned cloud based applications Read full review Cons Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans. We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance. Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review Reporting could be better Can be an involved setup if your organization is not using common build tools Users get spammed with a lot of email updates from the service Read full review Likelihood to Renew Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
Read full review Support Rating Tech support and pro services are top-notch.
Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review Always receive excellent support from the vendor. No issues there.
Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review Alternatives Considered These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for us and the best fit.
Read full review Return on Investment I believe once we had the tool working for our code base, we immediately saw positive ROI. We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you. Gene Baker Vice President, Chief Architect, Development Manager and Software Engineer
Read full review DevSecOps helped in reducing efforts License cost was less We could roll out double the count of applications with implementation of WebInspect Read full review ScreenShots CAST Highlight Screenshots