What users are saying about
<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener'>Customer Verified: Read more.</a>
Top Rated
159 Ratings
6 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 7.9 out of 100

Veracode

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener'>Customer Verified: Read more.</a>
Top Rated
159 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 9 out of 100

Attribute Ratings

  • Micro Focus Fortify on Demand is rated higher in 1 area: Support Rating
  • Veracode is rated higher in 1 area: Likelihood to Recommend

Likelihood to Recommend

8.0

Micro Focus Fortify on Demand

80%
1 Rating
8.9

Veracode

89%
106 Ratings

Likelihood to Renew

Micro Focus Fortify on Demand

N/A
0 Ratings
8.1

Veracode

81%
4 Ratings

Usability

Micro Focus Fortify on Demand

N/A
0 Ratings
7.3

Veracode

73%
26 Ratings

Availability

Micro Focus Fortify on Demand

N/A
0 Ratings
9.1

Veracode

91%
1 Rating

Performance

Micro Focus Fortify on Demand

N/A
0 Ratings
6.4

Veracode

64%
1 Rating

Support Rating

10.0

Micro Focus Fortify on Demand

100%
2 Ratings
7.8

Veracode

78%
54 Ratings

Implementation Rating

Micro Focus Fortify on Demand

N/A
0 Ratings
7.3

Veracode

73%
2 Ratings

Product Scalability

Micro Focus Fortify on Demand

N/A
0 Ratings
7.3

Veracode

73%
1 Rating

Likelihood to Recommend

Micro Focus Fortify on Demand

Integrated as part of our CI / CD chain. Scans are done in an automated fashion and defects are reported out and tracked. Easy to use, easy to integrate. Very pleased with the product. It does not perform cross module analysis scanning for vulnerabilities that may cross applications as well as it could, but it's pretty close.
Gene Baker | TrustRadius Reviewer

Veracode

It just works and allows for a left shift, which has been shown as a vast reduction in dev work and cost. With policy and other outlines, your security team can help Devs program safer applications and protect your company's platforms from vulnerability...
Robert Hood | TrustRadius Reviewer

Pros

Micro Focus Fortify on Demand

  • SAST
  • DAST
  • Manage Software Security Risk
  • Automation
  • Compliance
  • Integration
Gene Baker | TrustRadius Reviewer

Veracode

  • The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
  • Upload & Scan provides an in-depth analysis of the codebase, which features like reporting being made easy.
  • SCA Scans help us not only identify the vulnerabilities but also in helping fix them and in identifying if our application is using that part of the vulnerable library or not.
  • Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins)
Anonymous | TrustRadius Reviewer

Cons

Micro Focus Fortify on Demand

  • Cross module compliance
Gene Baker | TrustRadius Reviewer

Veracode

  • There is an initial overhead on generating the binary artefacts for scanning. The binaries need to be loaded with debug symbols for Veracode to be able to trace the defect back to the file and line number. This is relatively easy for modern programming languages (e.g. Java) with latest build tools (e.g. maven/gradle) but can be quite challenging for languages which are platform specific (C/C++) and have dated build systems (e.g. make).
  • Entry Point Selection. After the binaries are uploaded for scanning, the Veracode platform analyses them (pre-scan) and provides a list of 'modules' to be selected for scanning. Only the points of entry of program execution need to be selected here, based on the application architecture. The 3rd party modules on which your code is dependent on need to be uploaded but not selected as entry points for execution. This typically needs some fine-tuning and teams take some iterations to optimise. This would need the product architect inputs which teams generally do not understand, as they treat scanning in general as a DevSecOps responsibility and only after scanning, the developers/architects pitch in. For Veracode, their inputs are needed even during the scanning, for the first few scans at least.
  • This is a both a pro and con. Veracode does not give any option to customise the scanning rules or tweak what it is scanning for. This makes for a much simpler setup but also gives no scope for creating an application-specific scanning profile. For instance, if I do not want Veracode to look for SQL injection for whatever reason, or if I want Veracode to only look for OWASP Top 10 vulnerabilities, I cannot configure.
  • Long scan times, specifically for C/C++ based product/app scans. Some of the scans for enterprise scale product in C/C++ used to take quite many hours, and at times a couple of days. There have been improvements in this during the course of our 3 years of usage but in general, scans take a long time to complete.
Śrinivāsa Rao Kuruba | TrustRadius Reviewer

Pricing Details

Micro Focus Fortify on Demand

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Starting Price

Veracode

General

Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Yes
Entry-level set up fee?
No

Starting Price

Likelihood to Renew

Micro Focus Fortify on Demand

No score
No answers yet
No answers on this topic

Veracode

Veracode 8.1
Based on 4 answers
At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.
Anonymous | TrustRadius Reviewer

Usability

Micro Focus Fortify on Demand

No score
No answers yet
No answers on this topic

Veracode

Veracode 7.3
Based on 26 answers
This used to be terrible. Had a difficult time figuring out where information was. Partly this was due to duplicative features, jargon labels, and user navigation. However, in the seven years I've been using the product, it has gotten better.Some of my issues were associated with trying to get scans to work unassisted. Now that scans, once set up, just run periodically, I don't have to deal with that as much. Part of this might also be that I've learned what I need to know about getting around. And still part of this assessment is in comparison to other tools out there that are even worse. Still, they could benefit from an investment in a full useability redesign from someone with an outside perspective, modernizing the UX but also studying and working through the bigger usability concerns. I would love to see better diagnostic tools around getting scans to work so I wouldn't need their tech support people to get scans to work. However, as long as the scheduler keeps going, my needs on this get ever rarer.
David Nelson-Gal | TrustRadius Reviewer

Reliability and Availability

Micro Focus Fortify on Demand

No score
No answers yet
No answers on this topic

Veracode

Veracode 9.1
Based on 1 answer
Veracode has always been up and available to us.
Anonymous | TrustRadius Reviewer

Performance

Micro Focus Fortify on Demand

No score
No answers yet
No answers on this topic

Veracode

Veracode 6.4
Based on 1 answer
At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.
Anonymous | TrustRadius Reviewer

Support Rating

Micro Focus Fortify on Demand

Micro Focus Fortify on Demand 10.0
Based on 2 answers
Always receive excellent support from the vendor. No issues there.
Gene Baker | TrustRadius Reviewer

Veracode

Veracode 7.8
Based on 54 answers
Veracode Support has been great. Any time I have had a question, they have responded in a prompt manner. I'd say nine out of ten times they are able to resolve any issues that have come up with a short email exchange. For issues requiring a bit more investigation, their consultants are tops.
Teresa Kosinski | TrustRadius Reviewer

Implementation Rating

Micro Focus Fortify on Demand

No score
No answers yet
No answers on this topic

Veracode

Veracode 7.3
Based on 2 answers
We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.
Anonymous | TrustRadius Reviewer

Alternatives Considered

Micro Focus Fortify on Demand

CAST in my opinion provides a far superior product in that it can parse in an entire suite of applications and do scans across modules. HP Fortify probably has deeper and more current scanning so I think both products complement each other. I would not rely solely on Fortify and would try to have that as part of the mix of products. Overall it's a good product. We use Fortify because the Enterprise has made that a mandatory part of our security suite.
Gene Baker | TrustRadius Reviewer

Veracode

I have used SonarQube for code quality and security analysis in the past, but Veracode's Software Composition Analysis analysis makes a big difference in terms of identifying vulnerabilities in dependencies. It would make it a lot easier if the IDE plugin could show the transitive dependency the introduces the vulnerabilities. I'm very pleased [in] Veracode reporting so far.
Anonymous | TrustRadius Reviewer

Scalability

Micro Focus Fortify on Demand

No score
No answers yet
No answers on this topic

Veracode

Veracode 7.3
Based on 1 answer
It meets our needs.
Anonymous | TrustRadius Reviewer

Return on Investment

Micro Focus Fortify on Demand

  • Good as part of our security suite to help prevent successful attacks.
  • Reporting of defects helps to educate developers.
  • Worth the price we paid.
Gene Baker | TrustRadius Reviewer

Veracode

  • As I already stated, the cost per application is very high which makes the use of Veracode too expensive for many of out applications.
  • The analysis report is accepted by our clients as a proper SSAT report.
  • Most of out competition does not perform any type of SSAT on the applications they create. This is something we offer and be the only one out there doing this type of testing.
Glenn Jones | TrustRadius Reviewer

Screenshots

Add comparison