Atlasssian Crucible is a peer review tool for finding bugs and defects in version control tools Subversion, Git, Mercurial, CVS, and Perforce.
N/A
Fortify by OpenText
Score 9.0 out of 10
N/A
An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.
Crucible is well suited for situations where development teams follow a branch-based merge process, where new features or automation stories are introduced. It allows more seasoned team members to check newer team members' code to ensure standards are followed. It is probably less appropriate for smaller development teams or smaller projects, where code reviews can be less formal.
It is best suited for runtime application security scanning and very useful for automation. You can seemlessly integrate with pipeline for dynamic scans. Cloud based apps can also be scanned for vulnerabilities, cross site scripting attacks. Basically all OWASP TOP 10. It is less appropriate to use if you have serverless architecture
Crucible notifications of changes or updates to the code review are delayed as well as loading more source code is slow.
Crucible is formatting could use improvements for viewing customization features. For instance, allowing the user to create a new tab per file to be reviewed would be nice to have.
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.
Crucible was first on the market and the price is inexpensive. Crucible integrates with Jira Software and Atlassian Fisheye, providing the ability to track defects efficiently. SonarQube compares code to 'best standards' but not 'internal standards' and does not integrate to issue tracking. GitHub offers effective peer review, and has some integration with GitHub issues but costs more.
Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for us and the best fit.
