Review: Fortify Source Code Analysis Suite 4.5

By on
Review: Fortify Source Code Analysis Suite 4.5

Fortify Source Code Analysis Suite 4.5 performs static source code analysis. Various languages and architectures including ASP.NET, C/C++, C#, Java, JSP, PL/SQL, T-SQL, XML, VB.NET and other.NET languages are supported.

The product also works with environments, such as Microsoft Visual Studio, Eclipse, WebSphere Application Developer and IBM Rational Application Developer.

Installation of the various components required minimal effort. The product installs on various flavours of Windows and Unix and can be easily integrated into many different development environments. The suite consists of several components, targeted at the various roles within the systems development life cycle (SDLC). The Source Analyzer is at the heart of the solution, and is a command-line executable that integrates into the development build and IDE processes.

The Analyzer performed well against our test code. It can assess large code bases and multiple tiers of code execution largely independent of the environment it's running in. Other components include a custom rules builder and graphical front end for editing the results from the Source Analyzer. We found many administrative tasks to be resource-intensive on our test servers. Fortify recommends quality-assurance and testing staff use the front end to make audit decisions, while developers use the Analyzer within their build process.

Finally, a web-based management console provides high-level project information and dashboard views of vulnerability information. We found the suggested workflow to be on par with how most development teams would use the product. However, at times, the different look and feel of the various components suggests that some of them may be at separate stages in the product roadmap.

The documentation goes above and beyond just guiding the user through features and options. The text often relays the value of using proper roles within the SDLC and often reminds developers of the benefits of integrating automated code testing into the build processes.

Pricing for Source Code Analysis Suite 4.5 starts at US$1,200 per seat. Also, no support options were provided to our reviewers, but the Fortify website does have a link to a premium support area, as well as contact information for general support requests.

For: Powerful analysis of source code, solid documentation
Against: The various components have a disparate look and feel
Verdict: An excellent source-code analyser that preaches the value and benefits of integration within the SDLC

Got a news tip for our journalists? Share it with us anonymously here.
Tags:
45 analysis code fortify security suite

Sponsored Whitepapers

Understanding the next security control points: applications and workloads
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
How and why to backup your Office 365 tenant
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)
ForgeRock for Australia’s Trusted Digital Identity Framework (TDIF)

Events

Most Read Articles

Gravatar profile add-on leaks data on millions of users

Gravatar profile add-on leaks data on millions of users
Aussie Broadband makes formal $344m bid for Over The Wire

Aussie Broadband makes formal $344m bid for Over The Wire
Telstra, Optus, TPG Telecom advised to make coverage maps directly comparable

Telstra, Optus, TPG Telecom advised to make coverage maps directly comparable
Perth Mint CIO leaves after five months

Perth Mint CIO leaves after five months

Digital Nation

Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking
COVER STORY: Automation drives marketing success but complexity torments delivery
COVER STORY: Automation drives marketing success but complexity torments delivery
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks

Log In

Email:
Password:
  |  Forgot your password?