CAST Highlight vs. Fortify by OpenText

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
CAST Highlight
Score 8.2 out of 10
Enterprise companies (1,001+ employees)
CAST headquartered in New York offers Highlight, an application portfolio management solution providing software component analysis , application security, application benchmarking, and technical due diligence.
$25,000
per year
Fortify by OpenText
Score 9.4 out of 10
N/A
An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.N/A
Pricing
CAST HighlightFortify by OpenText
Editions & Modules
Cloud
25k
Portfolio Size 25
SCA
$26k
Portfolio Size 25
Complete
33k
Portfolio Size 25
No answers on this topic
Offerings
Pricing Offerings
CAST HighlightFortify by OpenText
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
YesNo
Entry-level Setup FeeOptionalNo setup fee
Additional DetailsAnnual Pricing by Size of Application Portfolio
More Pricing Information
Community Pulse
CAST HighlightFortify by OpenText
Top Pros

No answers on this topic

Top Cons

No answers on this topic

Best Alternatives
CAST HighlightFortify by OpenText
Small Businesses

No answers on this topic

GitLab
GitLab
Score 8.9 out of 10
Medium-sized Companies
Palo Alto Networks Prisma Cloud
Palo Alto Networks Prisma Cloud
Score 8.1 out of 10
GitLab
GitLab
Score 8.9 out of 10
Enterprises
Veracode
Veracode
Score 8.5 out of 10
GitLab
GitLab
Score 8.9 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
CAST HighlightFortify by OpenText
Likelihood to Recommend
10.0
(1 ratings)
9.8
(5 ratings)
Likelihood to Renew
-
(0 ratings)
10.0
(1 ratings)
Support Rating
10.0
(1 ratings)
10.0
(1 ratings)
User Testimonials
CAST HighlightFortify by OpenText
Likelihood to Recommend
CAST
I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.
Read full review
OpenText
SDLC deployment is simple. simple to use The coverage is thorough and complete as a DAST product.
Read full review
Pros
CAST
  • Identifies common coding vulnerabilities.
  • Compares code to industry best practices.
  • Assesses the code for data privacy compliance.
Read full review
OpenText
  • Detection of vulnerabilities
  • Scanning pipelines
  • Integration is super easy
  • Scanned cloud based applications
Read full review
Cons
CAST
  • Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans.
  • We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance.
Read full review
OpenText
  • Reporting could be better
  • Can be an involved setup if your organization is not using common build tools
  • Users get spammed with a lot of email updates from the service
Read full review
Likelihood to Renew
CAST
No answers on this topic
OpenText
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
Read full review
Support Rating
CAST
Tech support and pro services are top-notch.
Read full review
OpenText
Always receive excellent support from the vendor. No issues there.
Read full review
Alternatives Considered
CAST
These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
Read full review
OpenText
Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for us and the best fit.
Read full review
Return on Investment
CAST
  • I believe once we had the tool working for our code base, we immediately saw positive ROI.
  • We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you.
Read full review
OpenText
  • DevSecOps helped in reducing efforts
  • License cost was less
  • We could roll out double the count of applications with implementation of WebInspect
Read full review
ScreenShots

CAST Highlight Screenshots

Screenshot of Application Portfolio ManagementScreenshot of Software Composition AnalysisScreenshot of Portfolio Advisor for Open SourceScreenshot of Portfolio Advisor for CloudScreenshot of Cloud Migration Blockers and Boosters