OpenText Static Application Security Testing (Fortify)
以行业领先的准确性,尽早发现并修复安全问题
Gartner® 将 OpenText 评为应用程序安全领域的领导者获取魔力象限报告
在 CI/CD 管道中实现安全自动化
为什么选择 OpenText Static Application Security Testing?
发现其他人忽略的关键漏洞。OpenText SAST 与 GitHub、GitLab、Jenkins、Azure DevOps、VS Code、Eclipse 等集成,能够在保障代码安全的同时,让开发人员保持高效的工作节奏。
- 1,495+
评估的漏洞类别
涵盖 33 种以上语言和超过一百万个独立的 API。 - 350+
支持的框架
提供无与伦比的广度和灵活性,确保在各种开发环境中实现全面的安全保障。 - 94%
的 OpenText 用户同意
OpenText Static Application Security Testing 可帮助他们改进应用程序安全计划。
看看客户怎么说
集成 [OpenText SAST] 减少了代码审查所需的工作量,其质量也优于市场上的其他工具。
借助 [OpenText] 实现安全测试自动化后,我们已对几乎 100% 的 CI/CD 管道(总计达数万个)进行了 SAST 扫描。
通过将 [OpenText SAST] 集成到我们的 CI/CD 管道中,我们实现了安全测试自动化,并能尽早发现漏洞,从而降低了修复成本并加快了安全软件的交付速度。
……无论是首次扫描还是对软件模块进行定期扫描(在开发团队提交 FPR 之后的审查级别),我们的测试工作都更容易量化和管理。
[OpenText] 帮助我们发现了开发人员代码中的漏洞。针对每项发现的建议都帮助我们的开发人员迅速修复了代码。这将有助于确保我们发布的产品的安全。
用例
OpenText SAST 可为多种开发语言提供全面的安全性,同时与您选择的开发工具集成。利用自定义扫描深度平衡速度和准确性,利用 AI 助手减少误报,并动态扩展。
-
在编写源代码时进行扫描,以便在代码合并或发布前捕获漏洞。在合并之前,在开发者 IDE 或拉取请求中查找问题。尽早解决问题可大幅降低修复成本,并防止安全债务的累积。
-
将 SAST 嵌入 DevOps 流程,在每个构建或部署阶段自动阻止或标记不安全代码。这确保了安全性与敏捷开发保持同步,并且不会降低发布速度。
-
利用基于策略的扫描执行和报告功能,强制执行安全编码实践,并检测违反合规性框架(如 OWASP 十大安全漏洞、NIST、PCI-DSS、ISO 27001 等)的情况,从而降低因不合规而面临审计、罚款或声誉受损的风险。
-
在传统堆栈和现代架构(如微服务、API、容器)中应用一致的安全扫描。静态分析扩展到了移动平台、REST API 和现代接口。该方案适用于运行混合环境且需要全栈安全防护的企业。
-
使用集中式仪表板和可自定义的报告来跟踪发现的问题、修复进度和团队绩效,为安全领导者提供所需的可见性,以管理风险并向管理层和开发团队及时传达状况。
-
提供可操作的指导、IDE 集成以及上下文修复建议,帮助开发人员更快地修复漏洞。减少安全团队与开发团队之间的摩擦,提高修复率,并鼓励安全编码习惯。
关键功能
OpenText SAST 通过 AI 驱动的分析、云原生支持和灵活部署提供企业级代码安全性,帮助组织降低风险、简化合规性并大规模构建安全软件。
全面的语言和框架支持
支持 33 种以上语言、350 多种框架,并检测源代码中超过 200 种类型的机密信息。支持在整个代码库中进行一致且全面的安全测试。
灵活的部署选项
包括诸如基于 SaaS 的 OpenText™ Core Application Security 测试平台、结合了 SaaS 和本地部署功能的私有托管,以及可完全控制应用程序安全测试解决方案的脱离云端模式等选项。
集成基础设施即代码 (IaC) 扫描
在一个平台上提供一流的 IaC 和应用安全扫描,支持 Docker®、Kubernetes® 和无服务器架构,所有功能均由单一核心引擎驱动。
AI 驱动的审计与修复
借助 OpenText™ Application Security Aviator™,通过 SaaS 和云外访问,加速审计和漏洞检测,并针对 SAST 漏洞提供自动代码修复建议。
下一代 SAST 引擎
覆盖 33 种以上语言、1,495 种以上的漏洞类别、350 多种框架和 100 多万个 API。
全面的语言和框架支持
OpenText SAST 可为 33 种以上的主要语言及其框架提供准确的支持,并在行业领先的软件安全研究 (SSR) 团队的支持下进行敏捷更新
SAP ABAP
Action Script
Angular
Apex
Microsoft ASP
Bicep
CSharp
C++
COBOL
Cold Fusion
Docker
Go Lang
HTML5
Java
Java Script
JSON
JSP
Kotlin
MXML
.Net
.NETCore
PL/SQL
Python
Ruby
Scala
Swift Trans
T-SQL
Terraform
Type Script
Microsoft Visual Basics
Visual Basic
Windows Mobile
XML
YAML加速实现 OpenText Static Application Security Testing 的价值
部署
OpenText 为 OpenText Static Application Security Testing 提供了部署选择和灵活性。
-
在您选择的公共云中,随时随地运行并实现全球扩展
OpenText 公共云(多租户 SaaS)
-
扩展您的团队
在非云端本地部署软件,由您的组织或 OpenText 托管
-
与 OpenText 云专家一起加速实施云策略
OpenText 私有云(单租户)在 OpenText Cloud、AWS、GCP 或 Azure 上运行
-
开发、连接和扩展您的信息管理能力
OpenText™ Developer Cloud 的 API
专业服务
OpenText 专业服务将端到端解决方案的实施与全面技术服务相结合,以优化系统。
-
让值得信赖的合作伙伴为您指引信息管理之路
您的成功之路
-
加快您的信息管理之旅
咨询服务
-
利用现代解决方案,推动您的业务迈向未来
NextGen Services
-
释放信息管理解决方案的全部潜力
客户成功服务
合作伙伴
OpenText 帮助客户找到合适的方案、恰当的支持与理想的结果。
-
搜索 OpenText 合作伙伴目录
寻找合作伙伴
-
浏览 OpenText 的合作伙伴解决方案目录
应用程序市场
-
增强 OpenText 产品和解决方案的行业领先组织
战略合作伙伴
社区
探索我们的 OpenText 社区。与个人和企业建立联系,获取洞察和支持。参与讨论。
-
探索想法、加入讨论并建立人脉
OpenText 社区
OpenText Static Application Security Testing resources
OpenText Static Application Security Testing (SAST)
Read the data sheetSupport and documentation
View the documentationKnowledge base
View the knowledge base portalOpenText Static Application Security Testing (SAST)
Read the data sheetSupport and documentation
View the documentationKnowledge base
View the knowledge base portal-
Static application security testing (SAST) analyzes application source code, bytecode, or binaries to detect security vulnerabilities during development. Identifying risks like early in the software development lifecycle (SDLC), makes remediation faster and less expensive.
-
OpenText SAST is a static analysis solution supporting 33+ programming languages and integrating with developer tools, CI/CD pipelines, and ticketing systems. It combines deep static analysis with vulnerability coverage mapped to standards such as OWASP Top 10, CWE, and NIST.
-
SAST helps developers embed security into early software development. OpenText SAST integrates with IDEs (e.g., Visual Studio®, IntelliJ®), build tools (e.g., Maven, Gradle), and CI/CD platforms (e.g., Jenkins™, Azure DevOps®), allowing security scans to run automatically during coding and builds.
-
While SAST primarily analyzes proprietary code, OpenText complements it with Software Composition Analysis (SCA) tools that identify risks in open-source libraries, such as known vulnerabilities, outdated components, and licensing issues.
-
OpenText SAST supports web, mobile, desktop, and cloud-native applications across a wide range of languages including Java, .NET, JavaScript, Python, C/C++, Swift, Kotlin, Go, and more. It also handles infrastructure-as-code (IaC), containers, and APIs.
-
OpenText SAST provides out-of-the-box support for security and compliance frameworks such as OWASP Top 10, PCI DSS, NIST 800-53, and ISO 27001. The platform delivers policy-based scan management, audit-ready reporting, and dashboards that demonstrate risk posture and remediation progress.
-
OpenText Static Application Security Testing offers flexible deployment on-premises for full control and customization, as hosted and managed scanning infrastructure where your team submits code remotely, and as a fully managed experience (OpenText™ Core Application Security).
-
OpenText SAST includes support for popular IDEs like Visual Studio, IntelliJ, and Eclipse®, as well as CI/CD tools such as Jenkins, GitHub Actions®, GitLab CI®, Azure DevOps, and Bamboo™. The platform also integrates with issue tracking systems like Jira®, enabling automatic ticket creation.
Smarter, faster AppSec
Turn SAST findings into learning, helping developers quickly remediate vulnerabilities.
Read the blog
Why SAST false positives are inevitable
Explore why false positives in SAST tools occur, the trade-offs involved, and how to manage them.
Read the blog
Why SAST + SCA is the key to protecting your organization in 2025
Software supply chain risk continues to rise—156% year-over-year increase in malicious attacks.
Read the blog
Customers’ Choice
OpenText recognized for Application Security Testing on Gartner® Peer Insights™︎.
Read the blog
Generative AI: A double-edged sword for application security
IDC predicts that by 2026, 40% of net-new applications will incorporate AI.
Read the blog
OpenText named a Leader in Critical Capabilities by Gartner
OpenText is a Leader in SAST and DAST, and one of the only vendors that moved up in the quadrant.
Read the blogWhat is static application security testing (SAST)
Learn moreCybersecurity in a Web 3.0 world
Learn more5 reasons why SAST + DAST with OpenText makes sense
Learn moreOpenText SAST tools
View the community pageWhat is static application security testing (SAST)
Learn moreCybersecurity in a Web 3.0 world
Learn more5 reasons why SAST + DAST with OpenText makes sense
Learn moreOpenText SAST tools
View the community page-
OpenText™ Core Application Security
Unlock security testing, vulnerability management, and tailored expertise and support
-
OpenText™ Dynamic Application Security Testing
Scan, test, and identify security vulnerabilities in apps and services
-
OpenText™ Application Security Aviator
Secure smarter, not harder with AI code analysis and code fix suggestions
-
OpenText™ Core Software Composition Analysis
Take full control of open source security, compliance, and health
