Welcome to SGCyberSecurity forum!

Fortify vs Checkmarx

55 years 1 week ago #1051 by o_icemanssl22

There are commercial and open source tools available. Depends on your needs and budget I guess.

Open source:

Google CodeSearchDiggity

FxCop

FindBugs

RATS

OWASP SWAAT Project

55 years 1 week ago #1055 by o_34jonston

Thanks icemanssl22. Have you used these tools before? Which one is good?

55 years 1 week ago #1062 by o_jolinho

Try Fortify, it's one of the best in the market. :)

55 years 1 week ago #1064 by o_icemanssl22

Hi 34jonston, I use Google CodeSearchDiggity and FxCop for .NET. Pretty good and meets my objective.

Guess it also depends on your target size, complexity and goal.

55 years 1 week ago #1067 by o_Akash Desai

I evaluated both products a few months ago. While performance is similar in many areas, I can say for sure that Checkmarx is more user friendly and our developers prefer it over Fortify. The fact it can scan un-compiled source code is useful and the ability to fine tune the scan rules allowed us to minimize false positives to a few %, which I consider negligible. Another important factor - I found the Checkmarx support team to be more responsive.

55 years 1 week ago #1069 by o_34jonston

Scanning un-compiled source code, meaning I do not pass all the code and library files through the scanner? That's interesting because I heard Fortify needs everything to be compiled before you can run the scan.
