OpenText Static Application Security Testing Reviews & Product Details

The ease of use and an intuitive UI makes using the Fortify Static Code Analyzer quite easy for people who are new to it. A topic as complex as Security becomes manageable as the tool provides detailed reports on what the vulnerabilities are with their severity level and quite an extensive description of what is causing the vulnerability and recommendations to fix it. This makes life for the developers who might be new to Security. Review collected by and hosted on G2.com.

Some newer language syntax of certain languages like Java 8+ might not be understood by Fortify which leads to false positives. Also, certain non-fixeable vulnerabilities for which exceptions were provided would pop back up once in a while, which is a bit annoying. Review collected by and hosted on G2.com.

it Supports Nearly all programming languages, the process of testing is very easy, every new update makes it more functional. all the vulnerabilities of all languages are being updated on time. Review collected by and hosted on G2.com.

Some times it gives false positives, so we need to recheck it with other tools. please improve the vulnerabilities identification. Review collected by and hosted on G2.com.

Tool is really good. Specially i liked the ai feature.machine learning used is really good. Review collected by and hosted on G2.com.

Need to improve on false positive. Some time results give general results for all th Language. For example some vulnerability does not applicable for java but it will show. So need to improve on that part. Review collected by and hosted on G2.com.

Liked that it support multiple languages, which comes with a less price as compared to other commercial SAST tools. Review collected by and hosted on G2.com.

When it comes to the detection, found couple of false positives, for example: found quite of null pointer exceptions which turns out to be incorrect. Review collected by and hosted on G2.com.

We like

1. the ease of onboarding

2. the ease of use it in command line

3. How it integrates with Gitlab CI and Jenkins seemlessly

4. The pdf report is useful to present the output to stakeholders and for auditing. Review collected by and hosted on G2.com.

We rarely use dashboard. Since there are offshore and onshore restrictions, it is hard to give roles in the site. Review collected by and hosted on G2.com.

I like the fact that the tool gives a detailed description of the highlighted issues and its very cost effective.

Also better than checkmarx and white hat security. Review collected by and hosted on G2.com.

Nothing much until now. Overall its a great tool than what i have reviewed before. Review collected by and hosted on G2.com.

Code scan duration is quite fast and the result is quite detail. Review collected by and hosted on G2.com.

Integration process is very complicated. Review collected by and hosted on G2.com.

When it comes to application security you cannot neglect the GAINT Microfocus Fortify. They offer a suite of products such as Fortify SCA, SSC, Audit Workbench, Application Defender, Web Inspect, and their cloud offering Fortify OnDemand to combat security threats for every type of organization. The most striking features of their Fortify are a good number of supported languages, a wide variety of integration capabilities with IDEs, and build servers(Jenkins, Bamboo, Visual Studio, Gradle & Make), Integration with various bug trackers such as Bugzilla, Jira, ALM Octane. Review collected by and hosted on G2.com.

Analysis of COTS products will be a challenge with Fortify SCA. But there are other solutions such as Fortify Application Defender to deal with security of COTS product Review collected by and hosted on G2.com.

It always pinpoint the security vulnerabilities! Review collected by and hosted on G2.com.

Nothing so far based on my experience . Review collected by and hosted on G2.com.

Can be integrated with CI/CD which reduces lots of manual works. Scans are fast and not time consuming Review collected by and hosted on G2.com.

Must include docker files scanning mechanism Review collected by and hosted on G2.com.