The Fortify offering is a software-based solution which is also aCASE (computer aided software engineering) utility. Any source code canbe reviewed with the Source Code Analysis (SCA) suite. This ties tightly tothe PCI-DSS standards, which require code reviews, and also should bepart of a SDLC (system development life cycle). The use of source codeanalysis is, of course, the best way to spot flaws and, unlike most ofthe products we tested, is not a black box test.
Source Code Analysis (SCA) suite supports many languages — includingASP.NET, C/C++, C#, ColdFusion, Java, JSP, PL/SQL, T-SQL, XML, VB.NETand other .NET languages. Source Code Analysis (SCA) suite also supportsseveral development environments, such as Microsoft Visual Studio,Eclipse, WebSphere Application Developer and IBM Rational ApplicationDeveloper. Source Code Analysis (SCA) suite can be installed on a variety ofoperating systems, including Windows, Mac, Solaris, Linux, AIX and HPUX.
The installation of the suite was simple and the utilityautomatically downloads updates during part of the installationprocess. The process was a bit time-consuming as the process configuredthe system. The application installation performs most of theconfiguration without the need for user intervention. All in all, theinstallation process was among the simplest in this Group Test.
The suite arrived with a guide for the initial installation in hardcopy. A PDF version of the document is also available. The PDF filesare not indexed and searchable, so the PDF needs to be scannedmanually.
Support is offered through phone and a password-protected webportal, and also through email. In addition, the standard price allowsfor quarterly updates for the latest security tests for code review.Phone support is available 6 a.m. to 6 p.m. Pacific Standard Time.
The pricing for Source Code Analysis Suite is $1,200 per developer.This prices Source Code Analysis (SCA) suite at the low end of the spectrum.For a feature rich CASE environment, this price is definitely a value.