Review: Fortify Source Code Analysis Suite 4.5

By on
Review: Fortify Source Code Analysis Suite 4.5

Fortify Source Code Analysis Suite 4.5 performs static source code analysis. Various languages and architectures including ASP.NET, C/C++, C#, Java, JSP, PL/SQL, T-SQL, XML, VB.NET and other.NET languages are supported.

The product also works with environments, such as Microsoft Visual Studio, Eclipse, WebSphere Application Developer and IBM Rational Application Developer.

Installation of the various components required minimal effort. The product installs on various flavours of Windows and Unix and can be easily integrated into many different development environments. The suite consists of several components, targeted at the various roles within the systems development life cycle (SDLC). The Source Analyzer is at the heart of the solution, and is a command-line executable that integrates into the development build and IDE processes.

The Analyzer performed well against our test code. It can assess large code bases and multiple tiers of code execution largely independent of the environment it's running in. Other components include a custom rules builder and graphical front end for editing the results from the Source Analyzer. We found many administrative tasks to be resource-intensive on our test servers. Fortify recommends quality-assurance and testing staff use the front end to make audit decisions, while developers use the Analyzer within their build process.

Finally, a web-based management console provides high-level project information and dashboard views of vulnerability information. We found the suggested workflow to be on par with how most development teams would use the product. However, at times, the different look and feel of the various components suggests that some of them may be at separate stages in the product roadmap.

The documentation goes above and beyond just guiding the user through features and options. The text often relays the value of using proper roles within the SDLC and often reminds developers of the benefits of integrating automated code testing into the build processes.

Pricing for Source Code Analysis Suite 4.5 starts at US$1,200 per seat. Also, no support options were provided to our reviewers, but the Fortify website does have a link to a premium support area, as well as contact information for general support requests.

For: Powerful analysis of source code, solid documentation
Against: The various components have a disparate look and feel
Verdict: An excellent source-code analyser that preaches the value and benefits of integration within the SDLC

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
45 analysis code fortify security suite

Sponsored Whitepapers

Empowering workforces in the new environment
Empowering workforces in the new environment
Is the technology refresh dead?
Is the technology refresh dead?
DevSecOps: A framework for digital innovation
DevSecOps: A framework for digital innovation
Encryption: Protect your most critical data
Encryption: Protect your most critical data
Overcoming data security challenges in a hybrid, multicloud world
Overcoming data security challenges in a hybrid, multicloud world

Events

Most Read Articles

Aussie Broadband says some customers are switching providers to get high-speed NBN discounts

Aussie Broadband says some customers are switching providers to get high-speed NBN discounts
Aussie Broadband to white label its services

Aussie Broadband to white label its services
Swinburne University data breach exposes details of 5000 staff, students

Swinburne University data breach exposes details of 5000 staff, students
CBA's digital benefits finder unlocks $481 million for customers

CBA's digital benefits finder unlocks $481 million for customers
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?