Overview

OpenText™ Fortify Static Code Analyzer pinpoints the root cause of security vulnerabilities in the source code, prioritizes the most serious issues, and provides detailed guidance on how to fix them. Plus, centralized software security management helps developers resolve issues in less time.

How OpenText Fortify Static Code Analyzer can benefit business

Find security issues early

Customize code analysis and apply rules to identify violations quickly, with multiple options to view results.

Get fast and accurate scans

Identity and eliminate vulnerabilities in source, binary, or byte early in development, with accurate results based on the OWASP 1.2b Benchmark.

Automate security in the CI/CD pipeline

Integrate Fortify with CI/CD tools, including Jenkins, OpenText™ Software Delivery Management, Jira, Atlassian Bamboo, Azure DevOps, Eclipse, and Microsoft Visual Studio.

Reduce development time and cost

Embed Fortify into the SDLC to reduce development time and cost by up to 25%. Find twice as many vulnerabilities and reduce false positives up to 95%.

Why OpenText Fortify Static Code Analyzer?

Depth of coverage

Gain support for 1,657 vulnerability categories across 33+ languages, spanning more than one million individual APIs.

Easy integration

Embed security into application development tools you use, with OpenText Static Application Security Testing (SAST)’s integration ecosystem.

Speed vs. depth in SAST

Gain control of the speed and accuracy of SAST by tuning the depth of the scan and minimizing false positives with Audit Assistant.

Enterprise scaling

Dynamically scale SAST scans up or down to meet the changing demands of the CI/CD pipeline.

Securing cloud-native apps 

Achieve comprehensive shift-left security for cloud-native applications, from IaC to serverless, in a single solution.

Flexible deployment

Deploy our industry-leading SAST solution on premises, in the cloud, or AppSec-as-a-service.

Key features

Developer-friendly language coverage

Supports ABAP/BSP, ActionScript, Apex, ASP.NET, C# (.NET), C/C++, Classic, ASP (with VBScript), COBOL, ColdFusion CFML, Go, HTML, Java (including Android), JavaScript/AJAX, JSP, Kotlin, and more.

Flexible deployment options 

Includes options such as the SaaS-based Fortify On Demand platform, Fortify Hosted, which combines SaaS and on-premises features, and Fortify On-Prem, which offers full control over the Fortify solution.

Real-time code security analysis and results

Provides structural and configuration analyzers that are purpose built for speed and efficiency. Security Assistant only returns high-confidence findings with immediate results in the IDE.

Automation with applied machine learning

Provides automated audit results in minutes, minimizing auditor workload and prioritizing issues with accurate and consistent audit results.

ScanCentral

Enables lightweight packaging on the build server and provides a scalable, centralized, scanning infrastructure.