Codacy vs. Fortify by OpenText

I recommend it for companies that use several programming languages, as it supports several languages ​​such as Java, Javascript, Python, among others. However, for companies that use only one programming language, there are specific tools for each language that can be more complete in this scenario. I do not recommend it for companies that only use open source software, in which case there are other tools available.

Incentivized

It is best suited for runtime application security scanning and very useful for automation. You can seemlessly integrate with pipeline for dynamic scans. Cloud based apps can also be scanned for vulnerabilities, cross site scripting attacks. Basically all OWASP TOP 10. It is less appropriate to use if you have serverless architecture

Incentivized

• Seamless and easy integrations with GitHub for fantastic pipeline of viewing errors.
• Intuitive UI which is easy to customize and built-in patterns recommendations and security checks helps to fix issues faster.
• Metrics and duplication and complexity easily identify areas that need attention to fix it easy.
• Great for open-source projects.

Incentivized

• DAST Scanning
• API Scanning
• Less detection of false positive

Incentivized

• There should be customization to get code quality for your own projects if standards are provided.
• Offline or a standalone application is much needed from Codacy to get local support.
• Spots a lot of errors and small ones that don't affect much about quality and are de-facto standards.

Incentivized

• Reporting could be better
• Can be an involved setup if your organization is not using common build tools
• Users get spammed with a lot of email updates from the service

Incentivized

Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.

Incentivized

It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.

Incentivized

Great company and support team!

Incentivized

Always receive excellent support from the vendor. No issues there.

Incentivized

Even though it is paid while SonarQube is free, we chose Codacy because it is simpler to configure and maintain the implemented rules. In addition, it offers support for the main programming languages ​​on the market, ensuring that we can continue to use it if we want to use other languages ​​in new products.

Incentivized

Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for us and the best fit.

Incentivized

• The integration of Codacy with new code base is quick and easy.
• Improves our code.
• Easy to detect errors easily.
• Ability to check duplicate codes.

Incentivized

• DevSecOps helped in reducing efforts
• License cost was less
• We could roll out double the count of applications with implementation of WebInspect

Incentivized