Application Security

OpenText Fortify Static Code Analyzer

Find and fix security issues early with the most accurate results in the industry

Cybersecurity team looking for security issues

Overview

User fixing security vulnerabilities

OpenText™ Fortify Static Code Analyzer pinpoints the root cause of security vulnerabilities in the source code, prioritizes the most serious issues, and provides detailed guidance on how to fix them. Plus, centralized software security management helps developers resolve issues in less time.

Read the data sheet

How OpenText Fortify Static Code Analyzer can benefit business

  • Protection alert icon

    Find security issues early

    Customize code analysis and apply rules to identify violations quickly, with multiple options to view results.

  • Eliminate vulnerabilities in source, binary, or byte

    Get fast and accurate scans

    Identity and eliminate vulnerabilities in source, binary, or byte early in development, with accurate results based on the OWASP 1.2b Benchmark.

  • Integrate with security tools

    Automate security in the CI/CD pipeline

    Integrate Fortify with CI/CD tools, including Jenkins, OpenText™ Software Delivery Management, Jira, Atlassian Bamboo, Azure DevOps, Eclipse, and Microsoft Visual Studio.

  • Reduce development time and cost

    Reduce development time and cost

    Embed Fortify into the SDLC to reduce development time and cost by up to 25%. Find twice as many vulnerabilities and reduce false positives up to 95%.

Why OpenText Fortify Static Code Analyzer?

  • Depth of coverage

    Gain support for 1,657 vulnerability categories across 33+ languages, spanning more than one million individual APIs.

  • Easy integration

    Embed security into application development tools you use, with OpenText Static Application Security Testing (SAST)’s integration ecosystem.

  • Speed vs. depth in SAST

    Gain control of the speed and accuracy of SAST by tuning the depth of the scan and minimizing false positives with Audit Assistant.

  • Enterprise scaling

    Dynamically scale SAST scans up or down to meet the changing demands of the CI/CD pipeline.

  • Securing cloud-native apps 

    Achieve comprehensive shift-left security for cloud-native applications, from IaC to serverless, in a single solution.

  • Flexible deployment

    Deploy our industry-leading SAST solution on premises, in the cloud, or AppSec-as-a-service.

Key features

  • Developer-friendly language coverage

    Supports ABAP/BSP, ActionScript, Apex, ASP.NET, C# (.NET), C/C++, Classic, ASP (with VBScript), COBOL, ColdFusion CFML, Go, HTML, Java (including Android), JavaScript/AJAX, JSP, Kotlin, and more.

  • Flexible deployment options 

    Includes options such as the SaaS-based Fortify On Demand platform, Fortify Hosted, which combines SaaS and on-premises features, and Fortify On-Prem, which offers full control over the Fortify solution.

  • Real-time code security analysis and results

    Provides structural and configuration analyzers that are purpose built for speed and efficiency. Security Assistant only returns high-confidence findings with immediate results in the IDE.

  • Automation with applied machine learning

    Provides automated audit results in minutes, minimizing auditor workload and prioritizing issues with accurate and consistent audit results.

  • ScanCentral

    Enables lightweight packaging on the build server and provides a scalable, centralized, scanning infrastructure.

Support to cover the languages developers use and love

OpenText Fortify SAST provides accurate support for 33+ major languages and their frameworks, with agile updates backed by the industry-leading Software Security Research (SSR) team

SAP ABAP logoSAP ABAP
Action Script logoAction Script
Angular logoAngular
Apex logoApex
Microsoft ASP logoMicrosoft ASP
Bicep logoBicep
CSharp logoCSharp
C++ logoC++
COBOL logoCOBOL
Cold Fusion logoCold Fusion
Docker logoDocker
Go Lang logoGo Lang
HTML5 logoHTML5
Java logoJava
Java Script logoJava Script
JSON logoJSON
JSP logoJSP
Kotlin logoKotlin
MXML logoMXML
Net logo.Net
NETCore logo.NETCore
PHP logoPHP
PL/SQL logoPL/SQL
Python logoPython
Ruby logoRuby
Scala logoScala
Swift Trans logoSwift Trans
T-SQL logoT-SQL
Terraform logoTerraform
Type Script logoType Script
Microsoft Visual Basics logoMicrosoft Visual Basics
Visual Basic logoVisual Basic
Windows Mobile logoWindows Mobile
XML logoXML
YAML logoYAML

Accelerate the value of OpenText Fortify Static Code Analyzer

Professional Services

OpenText Professional Services combines end-to-end solution implementation with comprehensive technology services to help improve systems.

Partners

OpenText helps customers find the right solution, the right support, and the right outcome.

Training

OpenText Learning Services offers comprehensive enablement and learning programs to accelerate knowledge and skills.

Communities

Explore our OpenText communities. Connect with individuals and companies to get insight and support. Get involved in the discussion.

Premium Support

Optimize the value of your OpenText solution with dedicated experts who provide mission-critical support for your complex IT environment.

OpenText Fortify Static Code Analyzer resources

location world icon

OpenText supports high-quality application release with less expense and effort

Learn more
SAP logo

OpenText protects SAP and its customers against software-related financial losses

Learn more
Callcredit logo

Callcredit adds OpenText into development lifecycle

Learn more

Cybersecurity in a web 3.0 world

Read the flyer

5 reasons why SAST + DAST with Fortify makes sense

Learn more

Cybersecurity in a web 3.0 world

Read the flyer

5 reasons why SAST + DAST with Fortify makes sense

Learn more

Gartner names Fortify a leader in critical capabilities

Read the blog

Great code requires great security

Read the blog

Gartner names Fortify a leader in critical capabilities

Read the blog

Great code requires great security

Read the blog