Skip to content
Toolradar
Fortify logo

Fortify

Unclaimed

Comprehensive application security testing for identifying and remediating vulnerabilities.

SecurityTesting & QADevOps
Visit Website
Reviews onG2CapterraSourceForge
128 reviews tracked

The Bottom Line

Entry price

Free plan available, paid tiers above

Biggest pro

Offers a broad range of AST technologies in one platform

Biggest con

Can be complex to set up and configure

TL;DR - Fortify

  • Comprehensive SAST, DAST, and IAST capabilities
  • Integrates security into the SDLC
  • Identifies and prioritizes software vulnerabilities
Pricing: Free plan available
Best for: Growing teams
4.7/5 across review platforms

What is Fortify?

Editorial review
Fortify, a Micro Focus product, offers a suite of application security testing (AST) solutions designed to help organizations identify, prioritize, and remediate security vulnerabilities in their software. It encompasses Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) capabilities, providing a holistic view of application security risks throughout the software development lifecycle (SDLC). Fortify is primarily aimed at enterprises and development teams that need to integrate security into their DevOps pipelines. It helps developers write more secure code, security teams enforce policies, and organizations meet compliance requirements by providing detailed vulnerability analysis, remediation guidance, and reporting. Its robust scanning engines and integration capabilities make it suitable for large-scale application portfolios and complex development environments.
how we evaluateSourcemicrofocus.com

Pros & Cons

Pros

  • Offers a broad range of AST technologies in one platform
  • Strong reputation and maturity in the AST market
  • Provides detailed and actionable vulnerability insights
  • Good integration capabilities with development tools
  • Scalable for large organizations and complex applications

Cons

  • Can be complex to set up and configure
  • May require significant resources for deployment and management
  • Can produce a high number of findings, requiring effort to triage

Ratings Across the Web

4.7(128 reviews)
G252 reviews
4.6/5
Capterra10 reviews
5/5
SourceForge66 reviews
4.5/5

Ratings aggregated from independent review platforms. Learn more

Key Features

Static Application Security Testing (SAST)Dynamic Application Security Testing (DAST)Interactive Application Security Testing (IAST)Software Composition Analysis (SCA)Runtime Application Self-Protection (RASP)Vulnerability correlation and prioritizationIntegration with IDEs and CI/CD pipelinesCustomizable policies and rules

Pricing

Freemium

Fortify offers a generous free tier with optional paid upgrades for advanced features.

View pricing

Reviews

4.7/5

Across 128 verified user reviews on SourceForge, G2, Capterra

Add your hands-on experience to help the next buyer.

Write a Toolradar review

Best Fortify Alternatives

Top alternatives based on features, pricing, and user needs.

View full list →
GitLab logo
GitLabFreemium

The most comprehensive AI-powered DevSecOps platform for secure and accelerated software delivery.

4.6
Burp Suite logo
Burp SuitePaid

Web security testing toolkit for penetration testers

4.7
Snyk logo
SnykFreemium

Secure your code, dependencies, containers, and IaC from dev to production

4.5
Veracode logo
VeracodePaid

Application security testing platform

4.1
SonarQube logo
SonarQubeFreemium

Automated code review for bugs, vulnerabilities, and code smells

4.5
Checkmarx logo
CheckmarxPaid

Application security testing platform

4.2
OWASP ZAP logo
OWASP ZAPFree

Open-source web application security scanner

4.5
GitHub Actions logo
GitHub ActionsFreemium

Automate CI/CD, testing, and deployment directly from your repository

See all Security tools →

Still deciding?

Most buyers shortlist 2 or 3 tools before committing. Pull a side-by-side comparison or browse the full alternatives shortlist below.

All Fortify alternatives8+ tools ranked, pricing + verdict per pickFortify vs GitLabHead-to-head: features, pricing, who winsFortify vs Burp SuiteHead-to-head: features, pricing, who winsFortify vs SnykHead-to-head: features, pricing, who wins

Explore More

Best Security ToolsBest Testing & QA ToolsBest DevOps ToolsBest Free SecurityBest Free Testing & QABest Free DevOps

Fortify FAQ

What is Fortify?

Fortify is a suite of application security testing (AST) tools by Micro Focus that helps organizations find and fix security vulnerabilities in their software. It includes Static, Dynamic, and Interactive Application Security Testing.

How much does Fortify cost?

Fortify is a paid enterprise solution. Specific pricing details are typically provided upon request or through a sales consultation, as it depends on the scope of deployment and features required.

Who is Fortify for?

Fortify is designed for enterprises, development teams, and security professionals who need to secure their software applications throughout the development lifecycle, especially in regulated industries or for large application portfolios.

What are the main features of Fortify?

Key features include Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), Runtime Application Self-Protection (RASP), vulnerability correlation, and integrations with development tools and CI/CD pipelines.

Source: microfocus.com

Guides & Articles

Best Compliance Management Software in 2026

Expert guide

Best Secrets Management Tools in 2026

Expert guide

Best Observability Platforms in 2026

Expert guide