Atlasssian Crucible is a peer review tool for finding bugs and defects in version control tools Subversion, Git, Mercurial, CVS, and Perforce.
N/A
Fortify by OpenText
Score 9.0 out of 10
N/A
An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.
Crucible is well suited for situations where development teams follow a branch-based merge process, where new features or automation stories are introduced. It allows more seasoned team members to check newer team members' code to ensure standards are followed. It is probably less appropriate for smaller development teams or smaller projects, where code reviews can be less formal.
It is best suited for runtime application security scanning and very useful for automation. You can seemlessly integrate with pipeline for dynamic scans. Cloud based apps can also be scanned for vulnerabilities, cross site scripting attacks. Basically all OWASP TOP 10. It is less appropriate to use if you have serverless architecture
Upsource is the best review tool we've found but it still has some flaws. Notably, it makes reviewing small and quick changes less convenient than they need to be, and diff viewing (especially collaboratively) can be tedious.
It does handle larger, iterative reviews well. Especially when using a feature branch, Upsource will track that branch and automatically add all commits to the review. You can then review the branch as a whole, or look at a subset of diffs.
Crucible notifications of changes or updates to the code review are delayed as well as loading more source code is slow.
Crucible is formatting could use improvements for viewing customization features. For instance, allowing the user to create a new tab per file to be reviewed would be nice to have.
Creating and closing reviews isn't as quick as it could be. You must create a review, assign reviewers, approve and close. I wish there would be a quick review-approve-close for a commit where the change is simple and doesn't require multiple review iterations.
Web based interface can be clunky, especially when looking at big diffs side-by-side
JetBrains IDE integration is somehow less convenient than going using it in browser.
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.
Crucible was first on the market and the price is inexpensive. Crucible integrates with Jira Software and Atlassian Fisheye, providing the ability to track defects efficiently. SonarQube compares code to 'best standards' but not 'internal standards' and does not integrate to issue tracking. GitHub offers effective peer review, and has some integration with GitHub issues but costs more.
Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for us and the best fit.
Compared to the other tools we evaluated, Upsource was the only tool that allowed distinct reviews without needing explicit pull requests while still being able to go in-depth when required. The diff viewer is serviceable and better than the alternatives, as well, especially the side-by-side viewer.
