OpenText Static Application Security Testing(Fortify)
及早發現並修正安全問題,以業界領先的準確度
Gartner® 評選 OpenText 為應用程式安全領域的領導者獲取 Magic Quadrant 報告
在 CI/CD 管道中自動化安全措施
為什麼選擇 OpenText 靜態應用程式安全測試?
找出其他人忽略的關鍵弱點。OpenText SAST 與 GitHub、GitLab、Jenkins、Azure DevOps、VS Code、Eclipse 等整合,能及早保護程式碼,同時保持開發者快速運作。
- 1,495+
已評估的脆弱性類別
涵蓋 33 種以上的語言和超過一百萬個獨立的 API。 - 350+
支持的框架
提供無與倫比的廣度和彈性,確保在各種開發環境中都能涵蓋全面的安全性。 - 94%
OpenText 用戶同意
OpenText Static Application Security Testing 可幫助他們改進其應用程式安全計畫。
看看客戶怎麼說
整合 [OpenText SAST] 減少了程式碼審查所需的工作量,且其提供的品質優於其他市場工具。
透過使用 [OpenText] 實現我們的安全測試自動化,我們已經用 SAST 掃描覆蓋了幾乎 100% 的 CI/CD 管道,這些管道數量達到數萬條。
透過將 [OpenText SAST] 整合到我們的 CI/CD 管道中,我們自動化安全測試,及早識別漏洞,降低修復成本,加速安全軟體的交付。
……無論是首次掃描還是軟體模組的定期掃描(在開發團隊提交 FPR 之後的審查階段),我們的測試工作都變得更容易量化和管理。
[OpenText] 幫助我們發現開發人員程式碼中的漏洞。每項發現的建議幫助我們的開發人員快速修復他們的代碼。這將有助於保障我們發布的產品。
使用案例
OpenText SAST 可在多種開發語言中提供全面的安全保護,並可與您選擇的開發工具整合。透過自訂掃描深度來平衡速度與準確性,利用 AI 協助減少誤報,並動態擴展。
-
在程式碼編寫時進行掃描,以便在合併或發布之前發現漏洞。在合併前,先在開發者 IDE 或 pull request 中找出問題。及早修復問題可大幅降低修復成本,並避免累積安全債務。
-
將 SAST 嵌入 DevOps 管道中,以便在每個建置或部署階段自動封鎖或標記不安全的程式碼。這確保安全性能跟上敏捷開發的步伐,並且不會減慢發布速度。
-
透過政策驅動的掃描執行與報告,強化安全編碼實務,並偵測 OWASP Top 10、NIST、PCI-DSS、ISO 27001 等合規框架的違規行為,降低因不合規而遭受稽核、罰款或聲譽損害的風險。
-
在傳統堆疊和現代架構(例如:微服務、API、容器)中,應用一致的安全掃描。靜態分析擴展至行動平台、REST API 和現代介面。這項服務適用於運行混合環境且需要全方位安全覆蓋的企業。
-
使用集中式儀表板和可自訂的報告來追蹤發現、修復進度及團隊表現,為資安領導者提供所需的能見度,以管理風險並向管理層和開發團隊溝通狀態。
-
提供可行的指導、IDE 整合,以及情境中的修復建議,以協助開發人員更快地修復漏洞。減少資安與開發團隊之間的摩擦,提升修復率,並鼓勵安全的程式碼習慣。
主要功能
OpenText SAST 提供企業級程式碼安全,透過 AI 驅動的分析、雲端原生支援及靈活部署,協助組織降低風險、簡化合規,並大規模建構安全軟體。
全面的語言和框架覆蓋
支援 33 種以上的語言、350 種以上的框架,並能偵測超過 200 種以上的原始碼秘密類型。能夠在整個程式碼庫中進行一致且全面的安全測試。
彈性部署選項
包括 SaaS 型的 OpenText™ Core 應用程式安全測試平台、結合 SaaS 與內部部署功能的私有託管,以及提供對應用程式安全測試解決方案完全控制的離雲端選項。
整合式基礎架構即程式碼 (IaC) 掃描
在同一平台上提供頂尖的 IaC 和應用程式安全掃描,支援 Docker®、Kubernetes® 和無伺服器,全部由單一核心引擎驅動。
AI 驅動的審計與修復
使用OpenText™ Application Security Aviator™ ,透過 SaaS 和雲外存取,加速 SAST 漏洞的稽核和漏洞偵測,並搭配自動程式碼修復建議。
新一代 SAST 引擎
提供涵蓋 33 種以上語言、1,495 種以上漏洞類別、350 種以上框架及超過 100 萬個 API。
全面的語言和框架覆蓋
OpenText SAST 為 33 種以上主要語言及其框架提供精確支持,並由業界領先的軟體安全研究(SSR)團隊提供敏捷更新。
SAP ABAP
Action Script
Angular
Apex
Microsoft ASP
Bicep
CSharp
C++
COBOL
Cold Fusion
Docker
Go Lang
HTML5
Java
Java Script
JSON
JSP
Kotlin
MXML
.Net
.NETCore
PL/SQL
Python
Ruby
Scala
Swift Trans
T-SQL
Terraform
TypeScript
Microsoft Visual Basics
Visual Basic
Windows Mobile
XML
YAML加速發揮 OpenText Static Application Security Testing 的價值
部署
OpenText 提供部署選擇與彈性,適用於 OpenText 靜態應用程式安全測試。
-
在您選擇的公有雲中隨處運行並在全球擴展
OpenText 公有雲(多租戶 SaaS)
-
擴展您的團隊
非雲端的本機部署軟體,由貴組織或 OpenText 管理
-
與 OpenText 雲端專家加速雲端策略
OpenText 私有雲(單一租用戶)在 OpenText Cloud、AWS、GCP 或 Azure 上運行
-
開發、連接和擴展您的資訊管理能力
OpenText Developer Cloud 的 API
專業服務
OpenText 專業服務將端到端解決方案的實施與全面的技術服務相結合,以幫助改善系統。
-
尋找一位值得信賴的夥伴來引導您的資訊管理之路
您的成功之旅
-
加速您的資訊管理之旅
諮詢服務
-
利用現代解決方案,推動您的業務邁向未來。
NextGen 服務
-
發揮資訊管理解決方案的全部潛力
客戶成功服務
合作夥伴
OpenText 協助客戶找到合適的解決方案、適當的支援和適當的結果。
-
搜尋 OpenText 的合作夥伴目錄
尋找夥伴
-
探索 OpenText 的合作夥伴解決方案目錄
應用程式市集
社群
探索我們的 OpenText 社群。與個人及公司聯繫以獲得見解和支持。參與討論。
-
探索想法、參與討論並拓展人脈
OpenText 社群
OpenText Static Application Security Testing resources
OpenText Static Application Security Testing (SAST)
Read the data sheetSupport and documentation
View the documentationKnowledge base
View the knowledge base portalOpenText Static Application Security Testing (SAST)
Read the data sheetSupport and documentation
View the documentationKnowledge base
View the knowledge base portal-
Static application security testing (SAST) analyzes application source code, bytecode, or binaries to detect security vulnerabilities during development. Identifying risks like early in the software development lifecycle (SDLC), makes remediation faster and less expensive.
-
OpenText SAST is a static analysis solution supporting 33+ programming languages and integrating with developer tools, CI/CD pipelines, and ticketing systems. It combines deep static analysis with vulnerability coverage mapped to standards such as OWASP Top 10, CWE, and NIST.
-
SAST helps developers embed security into early software development. OpenText SAST integrates with IDEs (e.g., Visual Studio®, IntelliJ®), build tools (e.g., Maven, Gradle), and CI/CD platforms (e.g., Jenkins™, Azure DevOps®), allowing security scans to run automatically during coding and builds.
-
While SAST primarily analyzes proprietary code, OpenText complements it with Software Composition Analysis (SCA) tools that identify risks in open-source libraries, such as known vulnerabilities, outdated components, and licensing issues.
-
OpenText SAST supports web, mobile, desktop, and cloud-native applications across a wide range of languages including Java, .NET, JavaScript, Python, C/C++, Swift, Kotlin, Go, and more. It also handles infrastructure-as-code (IaC), containers, and APIs.
-
OpenText SAST provides out-of-the-box support for security and compliance frameworks such as OWASP Top 10, PCI DSS, NIST 800-53, and ISO 27001. The platform delivers policy-based scan management, audit-ready reporting, and dashboards that demonstrate risk posture and remediation progress.
-
OpenText Static Application Security Testing offers flexible deployment on-premises for full control and customization, as hosted and managed scanning infrastructure where your team submits code remotely, and as a fully managed experience (OpenText™ Core Application Security).
-
OpenText SAST includes support for popular IDEs like Visual Studio, IntelliJ, and Eclipse®, as well as CI/CD tools such as Jenkins, GitHub Actions®, GitLab CI®, Azure DevOps, and Bamboo™. The platform also integrates with issue tracking systems like Jira®, enabling automatic ticket creation.
Smarter, faster AppSec
Turn SAST findings into learning, helping developers quickly remediate vulnerabilities.
Read the blog
Why SAST false positives are inevitable
Explore why false positives in SAST tools occur, the trade-offs involved, and how to manage them.
Read the blog
Why SAST + SCA is the key to protecting your organization in 2025
Software supply chain risk continues to rise—156% year-over-year increase in malicious attacks.
Read the blog
Customers’ Choice
OpenText recognized for Application Security Testing on Gartner® Peer Insights™︎.
Read the blog
Generative AI: A double-edged sword for application security
IDC predicts that by 2026, 40% of net-new applications will incorporate AI.
Read the blog
OpenText named a Leader in Critical Capabilities by Gartner
OpenText is a Leader in SAST and DAST, and one of the only vendors that moved up in the quadrant.
Read the blogWhat is static application security testing (SAST)
Learn moreCybersecurity in a Web 3.0 world
Learn more5 reasons why SAST + DAST with OpenText makes sense
Learn moreOpenText SAST tools
View the community pageWhat is static application security testing (SAST)
Learn moreCybersecurity in a Web 3.0 world
Learn more5 reasons why SAST + DAST with OpenText makes sense
Learn moreOpenText SAST tools
View the community page-
OpenText™ Core Application Security
Unlock security testing, vulnerability management, and tailored expertise and support
-
OpenText™ Dynamic Application Security Testing
Scan, test, and identify security vulnerabilities in apps and services
-
OpenText™ Application Security Aviator
Secure smarter, not harder with AI code analysis and code fix suggestions
-
OpenText™ Core Software Composition Analysis
Take full control of open source security, compliance, and health
