Fortify Software Security Center offers comprehensive application security through a centralized console that integrates static and dynamic analysis, making it essential for organizations focused on robust security operations.


| Product | Mindshare (%) |
|---|---|
| Fortify Software Security Center | 1.5% |
| SonarQube | 14.5% |
| Checkmarx One | 9.2% |
| Other | 74.8% |

| Company Size | Count |
|---|---|
| Small Business | 3 |
| Midsize Enterprise | 1 |
| Large Enterprise | 3 |

| Company Size | Count |
|---|---|
| Small Business | 53 |
| Midsize Enterprise | 40 |
| Large Enterprise | 74 |

Fortify Software Security Center delivers extensive capabilities that facilitate application security testing, code audits, and bug fixes. Its centralized console enhances governance and control, while its interoperability with tools like Kiuwan and Azure strengthens its functionality. The dashboard's intuitive data customization, along with the ability to store and report data on-premises, further complements its integration capabilities. Although improvements in dataset aggregation, integration with tools like Jira, and resolution of false positives are required, its ability to scan and analyze source code to identify security violations is acknowledged.

What are the key features of Fortify Software Security Center?

Fortify Software Security Center is adopted in software-driven industries for its robust application security capabilities. Users in technology sectors rely on its static code analysis for auditing and security testing. Its on-premises deployment model and integration with platforms like Azure make it ideal for storing and reporting data, providing customization that aligns with industry standards.
Fortify Software Security Center was previously known as Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect.
Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon

| Author info | Rating | Review Summary |
|---|---|---|
| Chief Innovation Officer at SAGGA | 5.0 | I've found Fortify's centralized analysis capabilities and integration with tools like GitLab invaluable, though it's pricey and support lacks. Despite some SAST limitations, it's a mature on-premises solution delivering solid ROI, especially for our clients in Ecuador. |
| Sales Manager at Pbland | 4.0 | As a reseller and user, I find Fortify SSC essential for daily application security scanning, fixing bugs, and improving quality. Its CICD integration is vital for my customers. It's very stable, and I rate it 8/10. |
| Principal Technical Consultant at EOH | 5.0 | I use Fortify Software Security Center on-premises for its intuitive dashboard that aggregates DAS and SAS data. It enhances security by adhering to conventions like OWASP. However, I seek better dataset views and analysis features similar to SIM tools. |
| Conformity Controller at STET | 4.0 | I work with Fortify Software Security Center, which effectively explains security issues and integrates into the CI/CD process for daily testing. However, I've experienced many false positives, likely due to using an outdated version. |
| General Manager at Inexion Co. | 4.5 | We use Fortify Software Security Center to scan and analyze data from Azure. It effectively identifies vulnerabilities, especially with the audit workbench and collaboration module. However, its overlap feature demands costly customization. We chose Fortify for its language support and strong engine. |
| Application Architect at a tech services company with 10,001+ employees | 4.0 | I use Fortify Software Security Center for application security testing. Its valuable feature is the ability to easily download and update rule packs. However, the setup process is quite challenging and could be improved for better user experience. |
| VP at a tech vendor with 5,001-10,000 employees | 3.5 | I use Micro Focus Software Security Center for critical analysis. Its reporting is useful, and setup and stability are good. However, I experience false positives and need better integration and support. I rate it 7/10. |
| Head Of Information Security at a tech services company with 51-200 employees | 3.5 | I find this solution stable and scalable for securing applications, but its implementation is very complex. Technical support is poor with slow responses and unclear documentation, making the costly setup difficult to manage. |

We have installed Fortify Static Code Analysis, SAST, in Ecuador in two customers. The Fortify ScanCentral includes three components: SAST, Fortify Software Security Center, and the WebInspect.
The main use case for Fortify Software Security Center is exceptional because we have governance and control through that console. You can centralize both static analysis and dynamic analysis, and correlate both analyses in one tool to get better results by combining those independent results from each solution. That is outstanding, and there is no tool I have seen on the market that offers these capabilities.
I appreciate the interoperability with other solutions from Fortify Software Security Center. Because we are using Kiuwan, you can run Kiuwan analyses and integrate them with Fortify Software Security Center to get those results in a single console. That is a good console for centralizing things in one point.
That is one of the best features of the on-premises Fortify.
In my opinion, there are no areas that could be improved with Fortify Software Security Center. I would say it is a good product and a mature product. However, the SAST has many improvement areas. As I mentioned, for demand, it is a must for SAST, and they have to involve the other four pillars to complete the whole solution. We are currently adding Kiuwan or SonarQube to the whole solution to complete it.
You will find me on PeerSpot, and I have been doing reviews since IT Central Station.
The support for Fortify on-premises is the same as for the other products. I would say the support is not good and I would rate it a three out of ten.
Neutral
We have a bank in Ecuador, Produbanco, that has achieved the better return on investment. They installed the Fortify on-premises in 2018, and they are really happy with that solution. They are buying support year to year and are not thinking of changing the solution for any other solution on the market. I do not know the ROI number, but I would say the results are really good.
The pricing for the on-premises Fortify is expensive.
Compared to other solutions, it is more expensive than something like SonarQube or similar products.
I have utilized Fortify's integration with development tools, specifically with GitLab and Jira. Development teams are getting a lot out of the flexible workflows because they did not have these kinds of tools before. They are getting automatic analysis because we configured the pipelines using Fortify and architected the process for automatic analysis. When the development team compiles the code and puts it in the repository, automatically we get the SAST analysis. When the SAST analysis is done and reaches the goal, we automatically trigger the WebInspect analysis, and when the WebInspect analysis is done and reaches the goal, we release the code for performance testing. I would rate this solution a ten out of ten.

They use it to scan applications and fix bugs, which are my customers' main use cases for Fortify Software Security Center.
As a reseller, I sell this product to provide application security because our customers are very careful about their application security and want to fix issues.
Fortify Software Security Center is an analyzer that can analyze my customers' products and source code to find violations.
It's very important because they want to scan their source code every day, so we provide CICD integration to our customers so they can auto build and auto test every day, get reports, and fix issues.
I combine an issue tracking system, and if they scan some violations, I send an issue to the code owner. When they get the issue report, they can fix it.
I tell my customers they must scan their code every day and fix it every day, and then their quality will improve. That is our concept for improving overall software quality and compliance standards.
Continuous deployment regarding updates has been helpful for our implementation.
I have been working with Fortify Software Security Center for over five years.
It's very stable, and I have not faced any problems with stability.
I don't use any Amazon products. I purchase GitLab directly from their website, not through AWS Marketplace or Amazon Marketplace.
I do not use any CRM solutions such as Salesforce, monday.com, Zoho CRM, Sage CRM, or Oracle as we don't need to use any CRM tools.
I use ChatGPT and Google Cloud SQL. I use GitLab Premium solution and have used the DevOp solution.
We don't use any Microsoft solutions currently, but we have security solutions including Fortify Software Security Center.
I am both a reseller and user of Fortify Software Security Center.
On a scale of 1-10, I rate Fortify Software Security Center an 8 out of 10.

I use Software Security Center from an on-premises perspective. It has a very intuitive dashboard that allows me to aggregate DAS and SAS scan data. The sensors and controllers are connected to Software Security Center, which aggregates all data. It helps with auditing results and allows for the customization of results and data on dashboards using templates.
Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances. WebInspect supports a number of APIs and web endpoints. I find its macro recording feature, which allows for testing vulnerabilities during multi-factor authentication sessions, very valuable. I appreciate the ability to further analyze data with tools like Audit Workbench.
Improvements needed for Software Security Center include better aggregation views of datasets. I desire additional features like trend analysis or deeper views of vulnerability data based on analysis. I also wish for features similar to those found in a SIM tool to see different data trends and log correlation.
I have been working with this tool for two years.
Software Security Center is very stable. It is used by top US banks and military institutions, making it a highly scalable and reliable solution.
The solution is very easy to scale by adding additional sensors and controllers.
Fortify provides professional services with a direct line of support, community forums, and multiple support channels. There's a support portal for direct answers or live chats. Support has increased significantly since OpenText acquired Micro Focus.
Neutral
Software Security Center is not too complex to set up. It requires some technical expertise due to prerequisites such as installing the Java JDK; however, the installation process is quite straightforward and follows a step-by-step process.
We have ROI calculators on our website to project your return on investment when acquiring the software. Detailed ROI information is available.
The cost is comparative. It is slightly more expensive than some solutions, yet given the level of service offered, it is comparatively not that expensive. Costing is scalable and catered to specific needs, capable of scaling up as required.
For those planning to use Software Security Center, I recommend it for deep analysis of vulnerability data. It provides reliable data with fewer false positives and customizable reports. The solution is highly customizable, highly scalable, and has become more accurate since the implementation of AI.
The overall rating for this tool is ten out of ten.

I like the explanation of issues provided by Fortify Software Security Center. It explains the problem and provides suggestions for resolving the issue. Fortify Software Security Center is integrated into the CI/CD process and runs daily to test security.
I would like the false positive issue to diminish. I have experienced a lot of false positives, but I think this is due to using an older version. I hope the new version will resolve my problem.
I have used Fortify Software Security Center for five years.
In the beginning, it was difficult for me to verify that our usage of Fortify Software Security Center corresponded to the license and criteria. Now, we have negotiated a number of details to respect the license contract.
I would recommend Fortify Software Security Center to other organizations. I am not satisfied with the percentage of false positives, which is around eighteen percent. However, I am waiting for the new version to improve this. I rate the overall solution an eight out of ten.

We use the product to scan results, store and display data from Azure, identify scan results, analyze, report, and access company data.
The platform's most effective features for identifying vulnerabilities are the Fortify audit workbench and the collaboration module, which allow developers and security teams to share ideas and processes.
The product's overlap feature is restrictive and requires more customization efforts, which can be expensive.
I have been using Fortify Software Security Center for about 20 years.
I rate the platform stability an eight.
In our organization, the product is used by five engineers.
I rate the scalability a six out of ten.
The technical support team is helpful.
Positive
We opted for Fortify instead of a local vendor as it supports many languages and has a good engine.
The product requires one or two hours to complete the installation.
As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available.
I would rate the pricing a seven.
Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities.
It has a good collaboration function and is a centralized software solution. I rate it a nine out of ten.

We use the solution for application security testing.
You can easily download the tool's rule packs and update them.
I have been working with the product for six months.
The product is difficult to scale due to multiple components. I would rate it a five or six out of ten. My company has 30-40 users for the tool.
I raised a few tickets during the upgrade and they didn't respond. We directly email a person. The solution's support is not good.
Neutral
I would rate the tool's setup around four to five out of ten. The tool's deployment took a few weeks to update. Its documentation is really good.
The solution is priced fairly.
I would rate the product an eight out of ten.

We use this solution purely for critical analysis.
The reporting is very useful because you can always view an entire list of the issues that you have.
The importing of the reports into the dashboard is helpful.
The integrability of this solution can be improved. Integration with other tools such as Jira is needed.
We are having issues with false positives that need to be resolved.
Being able to save reports in different formats would be helpful because they could be imported into other tools or repositories.
Technical support should respond more quickly to requests and inquiries.
In the next release, I would like to see a more streamlined output that is easy to manage. They do have a dashboard now, but it can be improved by making it simpler.
I have been working with Micro Focus Software Security Center for seven years.
The stability is good and I'm quite comfortable with it.
Scaling this product is easy as long as you have enough licenses. Until now, I haven't faced any major issues. We are not using the product to its capacity and it's still serving its purpose.
We have only a very limited number of users because it is only our security team that is using it, and we are not extending it to the developers. It is an IT manager and the team leads who are using it.
I have been in contact with technical support on a number of occasions, including a couple of meetings to discuss issues that we were having. We have been interacting with them.
My understanding from colleagues and friends in other companies is that nowadays, the service and support is not that great. I think that it used to be good, but now the responses are very slow.
The solution that we used prior to this one was developed internally, and we have not used other commercial tools. I have seen Rapid7 solutions, but have not used them to a great extent.
The initial setup is straightforward with no major problems.
We evaluated a couple of other options including Checkmarx and Veracode. We also looked at a solution to help collect and collate all of the logs and reports from different tools.
I do think that in terms of coverage, Micro Focus Fortify has an edge over this tool.
I would rate this solution a seven out of ten.

We are implementors and a reseller, and we work with many security solutions, including this one.
Our primary use case is securing the inside of applications.
We are working with the on-premises deployment model.
This solution is difficult to implement, and it should be made more comfortable for the end-users. Additional documentation may help, but the process overall should be made easier.
Technical support is not good, as they respond slowly. I would like to see different channels of support, and different methods to contact them, such as adding WhatsApp support. I would like to see more engineers and better response time. Even solving problems should be better.
The documentation is not clear and needs to be improved.
This is a stable solution at the end of the day. However, the implementation journey is very difficult.
This is a scalable solution.
Technical support is not good because they respond slowly and the documentation is not clear. You cannot directly follow the setup guide. I would rate their technical support a five out of ten.
The initial setup of this solution is very complex. Specifically, the integration between other parts of the solution is difficult. Also, the support is not good.
Deployment of this solution took approximately six months. One very experienced person is sufficient for deployment and maintenance of this solution.
This is a costly solution that could be cheaper.
The biggest lesson that I have learned from this solution is that investing in R&D is not the only factor in a successful product. You have to invest in all factors, including after-sale support.
I would rate this solution a seven out of ten.