Skip to content
Fortify logo

Comprehensive application security testing for identifying and remediating vulnerabilities.

Visit Website
Reviews onG2CapterraSourceForge
128 reviews tracked

The Bottom Line

Entry price

Free plan available, paid tiers above

Biggest pro

Offers a broad range of AST technologies in one platform

Biggest con

Can be complex to set up and configure

TL;DR - Fortify

  • Comprehensive SAST, DAST, and IAST capabilities
  • Integrates security into the SDLC
  • Identifies and prioritizes software vulnerabilities
Pricing: Free plan available
Best for: Growing teams
4.7/5 across review platforms

What is Fortify?

Editorial review
Fortify, a Micro Focus product, offers a suite of application security testing (AST) solutions designed to help organizations identify, prioritize, and remediate security vulnerabilities in their software. It encompasses Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) capabilities, providing a holistic view of application security risks throughout the software development lifecycle (SDLC). Fortify is primarily aimed at enterprises and development teams that need to integrate security into their DevOps pipelines. It helps developers write more secure code, security teams enforce policies, and organizations meet compliance requirements by providing detailed vulnerability analysis, remediation guidance, and reporting. Its robust scanning engines and integration capabilities make it suitable for large-scale application portfolios and complex development environments.

Pros & Cons

Pros

  • Offers a broad range of AST technologies in one platform
  • Strong reputation and maturity in the AST market
  • Provides detailed and actionable vulnerability insights
  • Good integration capabilities with development tools
  • Scalable for large organizations and complex applications

Cons

  • Can be complex to set up and configure
  • May require significant resources for deployment and management
  • Can produce a high number of findings, requiring effort to triage

Ratings Across the Web

4.7(128 reviews)

Ratings aggregated from independent review platforms. Learn more

Key Features

Static Application Security Testing (SAST)Dynamic Application Security Testing (DAST)Interactive Application Security Testing (IAST)Software Composition Analysis (SCA)Runtime Application Self-Protection (RASP)Vulnerability correlation and prioritizationIntegration with IDEs and CI/CD pipelinesCustomizable policies and rules

Pricing

Freemium

Fortify offers a generous free tier with optional paid upgrades for advanced features.

View pricing

Reviews

Improve Your Thinking Patterns Using ChatGPT cover
$99Free with your review

Review Fortify, get a free AI guide

Share your experience and we will send you Improve Your Thinking Patterns Using ChatGPT, free.

Write a review
4.7/5

Across 128 verified user reviews on SourceForge, G2, Capterra

Add your hands-on experience using the offer above to help the next buyer.

Best Fortify Alternatives

Top alternatives based on features, pricing, and user needs.

View full list →

Most buyers shortlist 2 or 3 tools before committing. Pull a side-by-side comparison or browse the full alternatives shortlist below.

Explore More

Fortify FAQ

How does Fortify help integrate security into the DevOps pipeline?

Fortify offers a suite of application security testing (AST) solutions, including SAST, DAST, and IAST, that can be integrated into DevOps pipelines. This allows development teams to identify and remediate security vulnerabilities throughout the software development lifecycle, ensuring security is a continuous part of the process.

Which teams benefit most from using Fortify?

Fortify is best suited for enterprises and development teams that need to embed security practices within their DevOps pipelines. It helps developers write more secure code, enables security teams to enforce policies, and assists organizations in meeting compliance requirements through detailed vulnerability analysis.

How does Fortify compare to Veracode in terms of its offerings?

Fortify provides a broad range of AST technologies, including SAST, DAST, and IAST, within a single platform, offering a holistic view of application security risks. It is known for its strong reputation and maturity in the AST market, providing detailed and actionable vulnerability insights for large-scale application portfolios.

What kind of trade-offs should organizations consider when implementing Fortify?

Organizations should be aware that Fortify can be complex to set up and configure, potentially requiring significant resources for deployment and ongoing management. It may also produce a high number of findings, which necessitates dedicated effort for effective triaging.

Does Fortify include a free tier?

Yes, Fortify is available on a free tier, with additional paid plans offered for users requiring more extensive usage and advanced features.

How does Fortify provide a comprehensive view of application security risks?

Fortify achieves a comprehensive view by integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) capabilities. This combination allows it to identify, prioritize, and help remediate security vulnerabilities across different stages of the software development lifecycle.

Guides & Articles