Used for multiple environments, compilers, and operating systems, including Altera, Xilinx, Linux, Windows, and cross-compiler environments.
Its ability to find security defects is valuable. However, support for older compilers/IDEs is lacking.
Pros and Cons
- "Its ability to find security defects is valuable."
- "Support for older compilers/IDEs is lacking."
What is our primary use case?
How has it helped my organization?
It is a good product when support for environments is included. It finds several items and is also good at not reporting false positives.
What is most valuable?
Its ability to find security defects is valuable. The elimination of security defects is my top priority. Of secondary importance is finding coding defects.
What needs improvement?
Support for older compilers/IDEs is lacking. Many developers are still using environments that are known for having security issues. For example, Visual Studio 2005, 2008, and older, gcc 1.x, etc. are still being used. However, we cannot analyze a project using these older compilers because they are no longer supported by Fortify. If I can't find security issues injected by the development environment because I'm forced to use a newer compiler, then I cannot make recommendations to use an updated compiler. This is a particularly thorny issue wherein development environments of mission-critical systems do not change and yet we need to recommend usage of newer development environments.
For how long have I used the solution?
More than five years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
















