What users are saying about
1 Rating
16 Ratings
1 Rating
trScore algorithm: https://www.trustradius.com/static/about-trustradius-scoring
Score 5 out of 100
16 Ratings
Score 8.5 out of 100

Likelihood to Recommend

FOSSA

The only issue we have had is sometimes the web app is too slow, and that causes issues with us wanting to continue to use FOSSA over going with another tool. That is the only problem. I noticed it happened more recently, but if that is solved now or will be solved, I would 100% recommend this tool to anyone!
Anonymous | TrustRadius Reviewer

HCL AppScan

Strengths: identifies Static and Dynamic Security vulnerabilities, has IDE plugins for ease of use like VS Plugin, Eclipse Plugin, IntelliJ, etc.
Challenges: support build of code files prior to scan, offers limited static analysis features for data identification and runtime data tracking
Franck Gafsou | TrustRadius Reviewer

Pros

FOSSA

  • Setup of tool.
  • Speed of scans.
  • Automated emails with reports.
Anonymous | TrustRadius Reviewer

HCL AppScan

  • Vulnerability reporting
  • Static code analysis
  • Remediation
  • DevSecOps
Anonymous | TrustRadius Reviewer

Cons

FOSSA

  • Interface for loading results can be slow, this is the #1 issue we have faced.
  • Speed of scans could be improved.
Anonymous | TrustRadius Reviewer

HCL AppScan

  • We have been asking IBM to upgrade the connectivity from scanner to database to use TLS 1.2. Currently uses TLS 1.0 which we are trying to completely deprecate from our environment.
  • We have been having some login issues with authenticated scans for applications that use federated login (Shibboleth) due to re-directs and timeouts. For these systems we have to bypass the federation and log in directly to the application.
Seth Shestack | TrustRadius Reviewer

Support Rating

FOSSA

FOSSA 10.0
Based on 1 answer
Never needed support but the chat and help seem forefront of the app!
Anonymous | TrustRadius Reviewer

HCL AppScan

No score
No answers yet
No answers on this topic

Alternatives Considered

FOSSA

Black Duck and Snyk
Anonymous | TrustRadius Reviewer

HCL AppScan

Both solutions are decent; however, I had team members who had experience working with HCL AppScan. Also, the product was priced nominally, which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available, which helped junior peers learn quickly and eliminate any issues.
Anonymous | TrustRadius Reviewer

Return on Investment

FOSSA

  • Hard to measure the ROI, but no doubt having licenses be above board is fantastic for protection of your software.
  • Caused developers to make more informed decisions.
Anonymous | TrustRadius Reviewer

HCL AppScan

  • The positive impact is that it gives us a way to identify and remediate vulnerabilities in our web applications prior to being placed in production
Seth Shestack | TrustRadius Reviewer

Pricing Details

FOSSA

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

HCL AppScan

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
