Findbugs vs. Fortify by OpenText

Overview
Findbugs
Rating: Score 7.0 out of 10
Most Used By: N/A
Product Summary: FindBugs is an open source program which uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License, and was developed by (and its brand is trademarked by) the University of Maryland.
Starting Price: N/A

Fortify by OpenText
Rating: Score 9.4 out of 10
Most Used By: N/A
Product Summary: An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.
Starting Price: N/A

Pricing
Editions & Modules
Findbugs: No answers on this topic
Fortify by OpenText: No answers on this topic

Offerings
Free Trial: Findbugs: No; Fortify by OpenText: No
Free/Freemium Version: Findbugs: No; Fortify by OpenText: No
Premium Consulting/Integration Services: Findbugs: No; Fortify by OpenText: No
Entry-level Setup Fee: Findbugs: No setup fee; Fortify by OpenText: No setup fee
Additional Details: Findbugs: -; Fortify by OpenText: -

Best Alternatives
Small Businesses
Findbugs: PyCharm (Score 9.0 out of 10)
Fortify by OpenText: GitLab (Score 8.9 out of 10)

Medium-sized Companies
Findbugs: PyCharm (Score 9.0 out of 10)
Fortify by OpenText: GitLab (Score 8.9 out of 10)

Enterprises
Findbugs: PyCharm (Score 9.0 out of 10)
Fortify by OpenText: GitLab (Score 8.9 out of 10)

User Ratings
Likelihood to Recommend
Findbugs: 7.0 (1 ratings)
Fortify by OpenText: 9.8 (5 ratings)

Likelihood to Renew
Findbugs: - (0 ratings)
Fortify by OpenText: 10.0 (1 ratings)

Support Rating
Findbugs: - (0 ratings)
Fortify by OpenText: 10.0 (1 ratings)

User Testimonials
Findbugs vs. Fortify by OpenText
Likelihood to Recommend
Open Source
Findbugs is best suited even when you want to adapt to certain coding conventions and discover possible bugs beforehand, and it's best suited for the Java open source. Whether you are a developer or a DevOps engineer, you can even use it as a plugin in your Jenkins pipeline or any other build automation server and your developer tool such as Visual Studio as well.
OpenText
SDLC deployment is simple. Simple to use. The coverage is thorough and complete as a DAST product.
Pros
Open Source
  • Scan the code for existing bugs present
  • It can detect any vulnerabilities and also show possible bad warnings
  • Can help identify errors in advance to avoid code crash post deployment
OpenText
  • Detection of vulnerabilities
  • Scanning pipelines
  • Integration is super easy
  • Scanned cloud based applications
Cons
Open Source
  • Its documentation is not always up to date
  • Difficulty in finding a proper solution when an issue arises during its configuration
  • Has limited features
OpenText
  • Reporting could be better
  • Can be an involved setup if your organization is not using common build tools
  • Users get spammed with a lot of email updates from the service
Likelihood to Renew
Open Source
No answers on this topic
OpenText
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
Support Rating
Open Source
No answers on this topic
OpenText
Always receive excellent support from the vendor. No issues there.
Alternatives Considered
Open Source
SonarCloud has its own cloud where all the code vulnerabilities are collected and stored as a whole, whereas it's a plugin that is used in the code itself, but the con is that SonarCloud needs a license if you want to use it privately and also requires personal access token authentication if used with an external service.
OpenText
Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. We like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. They seem best suited for us and the best fit.
Return on Investment
Open Source
  • It's being used overall by most of the teams
  • Some of the teams are migrating to another testing tool as it has limited features
  • Still recommend as it's open source and beginner-friendly
OpenText
  • DevSecOps helped in reducing efforts
  • License cost was less
  • We could roll out double the count of applications with implementation of WebInspect