Application Security

OpenText Fortify Static Code Analyzer

Find and fix security issues early with the most accurate results in the industry

Cybersecurity team looking for security issues


User fixing security vulnerabilities

OpenText™ Fortify™ Static Code Analyzer pinpoints the root cause of security vulnerabilities in the source code, prioritizes the most serious issues, and provides detailed guidance on how to fix them. Plus, centralized software security management helps developers resolve issues in less time.

Read the data sheet

Why choose Fortify Static Code Analyzer?

  • Depth of coverage

    Gain support for 1,657 vulnerability categories across 33+ languages, spanning more than one million individual APIs.

  • Easy integration

    Embed security into application development tools you use, with Fortify’s integration ecosystem.

  • Speed vs. depth in SAST

    Gain control of the speed and accuracy of SAST by tuning the depth of the scan and minimizing false positives with Audit Assistant.

  • Enterprise scaling

    Dynamically scale SAST scans up or down to meet the changing demands of the CI/CD pipeline.

  • Securing cloud-native apps 

    Achieve comprehensive shift-left security for cloud-native applications, from IaC to serverless, in a single solution.

  • Flexible deployment

    Deploy our industry-leading SAST solution on premises, in the cloud, or AppSec-as-a-service.

Find security issues at the speed of DevOps

Automate, customize, and speed the identification and elimination of vulnerabilities.

  • Protection alert icon

    Find security issues early

    Customize code analysis and apply rules to identify violations quickly, with multiple options to view results.

  • Eliminate vulnerabilities in source, binary, or byte

    Get fast and accurate scans

    Identity and eliminate vulnerabilities in source, binary, or byte early in development, with accurate results based on the OWASP 1.2b Benchmark.

  • Integrate with security tools

    Automate security in the CI/CD pipeline

    Integrate Fortify with CI/CD tools, including Jenkins, OpenText™ ALM Octane™, Jira, Atlassian Bamboo, Azure DevOps, Eclipse, and Microsoft Visual Studio.

  • Reduce development time and cost

    Reduce development time and cost

    Embed Fortify into the SDLC to reduce development time and cost by up to 25%. Find twice as many vulnerabilities and reduce false positives up to 95%.


  • Developer-friendly language coverage

    Supports ABAP/BSP, ActionScript, Apex, ASP.NET, C# (.NET), C/C++, Classic, ASP (with VBScript), COBOL, ColdFusion CFML, Go, HTML, Java (including Android), JavaScript/AJAX, JSP, Kotlin, and more.

  • Flexible deployment options 

    Includes options such as the SaaS-based Fortify On Demand platform, Fortify Hosted, which combines SaaS and on-premises features, and Fortify On-Prem, which offers full control over the Fortify solution.

  • Real-time code security analysis and results

    Provides structural and configuration analyzers that are purpose built for speed and efficiency. Security Assistant only returns high-confidence findings with immediate results in the IDE.

  • Automation with applied machine learning

    Provides automated audit results in minutes, minimizing auditor workload and prioritizing issues with accurate and consistent audit results.

  • ScanCentral

    Enables lightweight packaging on the build server and provides a scalable, centralized, scanning infrastructure.

Explore the advantages of OpenText and partner services

Professional Services

OpenText Consulting Services combines end-to-end solution implementation with comprehensive technology services to help improve systems.


OpenText helps customers find the right solution, the right support and the right outcome.


OpenText Learning Services offers comprehensive enablement and learning programs to accelerate knowledge and skills.


Explore our OpenText communities. Connect with individuals and companies to get insight and support. Get involved in the discussion.

Leaders trust OpenText

See how customers are succeeding with OpenText Fortify Static Code Analyzer.

See more success stories
Location World logo image

Fortify supports high-quality application release with less expense and effort

Learn more
SAP logo

The Fortify portfolio protects SAP and its customers against software-related financial losses, business interruption, and damage to corporate brand

Learn more
Callcredit logo

Callcredit adds Fortify SCA into development lifecycle. UK consumer information management firm finds vulnerabilities early for secure code development

Learn more

Fortify Static Code Analyzer resources

Cybersecurity in a web 3.0 world

Read the brief

5 reasons why SAST + DAST with Fortify makes sense

Learn more

Gartner names Fortify a leader in critical capabilities

Read the blog

Software security center

Learn more

Great code requires great security

Read the blog