It's been two months since this profile received a new review

OpenText Static Application Security Testing Reviews & Product Details

OpenText™ Static Application Security Testing (SAST) is a comprehensive solution designed to identify and remediate security vulnerabilities within an application's source code during the early stages of development. By analyzing code from the "inside out," SAST provides immediate feedback to developers, enabling them to address security issues promptly and effectively. Key Features and Functionality: - Extensive Language Support: Supports over 33 programming languages and more than 1,400 vulnerability categories, ensuring broad applicability across various development environments. - Integration with Development Tools: Seamlessly integrates with popular Integrated Development Environments (IDEs) such as Eclipse, Visual Studio, and JetBrains, as well as Continuous Integration/Continuous Deployment (CI/CD) tools like Jenkins and Bamboo, facilitating a smooth incorporation into existing workflows. - Scalable Deployment Options: Offers flexible deployment models, including on-premises, cloud-based, and Software as a Service (SaaS) solutions, allowing organizations to choose the setup that best fits their needs. - Advanced Analysis Capabilities: Utilizes multiple algorithms and an expansive knowledge base of secure coding rules to perform thorough code analysis, pinpointing the root causes of vulnerabilities and providing detailed remediation guidance. Primary Value and Problem Solved: OpenText SAST empowers organizations to proactively manage application security by detecting and addressing vulnerabilities early in the Software Development Life Cycle (SDLC). This proactive approach reduces the risk of security breaches, minimizes the cost and effort associated with late-stage remediation, and enhances the overall security posture of applications. By integrating security testing into the development process, OpenText SAST helps developers create more secure code, leading to robust and reliable software products.

Seller

OpenText

Discussions

OpenText Static Application Security Testing Community

Overview by

Sandra Herber

Value at a Glance

Averages based on real user reviews.

Perceived Cost

$$$$$

View More Pricing Information

Top-Rated Alternatives

View All Alternatives

OpenText Static Application Security Testing Integrations

(4)

Integration information sourced from real user reviews.

OpenText Static Application Security Testing Reviews (24)

G2 reviews are authentic and verified.

Here's how.

Lokesh T.

Sr. Security Engineer

Mid-Market (51-1000 emp.)

1/27/2025

"Fortify Static Code Analyzer (SCA)"

4/5

What do you like best about OpenText Static Application Security Testing?

Fortify SCA is having large Technologies Stack support, It supports more then 34+ Languages for Static Analysis. And also he is having huge integration capabalities with other third party tools. Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

It gives few False Positive, which i didnt liked, But to manage false positive, we can make use of feature called, ignore teh issues, where once it is ignored, then it wont be availabe in furthr scans. Review collected by and hosted on G2.com.

Nav N.

IT Consultant

Small-Business (50 or fewer emp.)

10/27/2022

"Efficient and easy to use Code Analyzer"

4.5/5

What do you like best about OpenText Static Application Security Testing?

Fortify is an excellent code analyzer. Its plugins are handy as compared to other solutions. It can quickly and accurately identify errors. We can efficiently address critical errors and warnings. It can scan the code in real time. Fortify Static Code Analyzer is handy for CI/CD programs. We can resolve the issues quickly at the development level. It is efficient and time-saving also. It can be easily integrated with Android Studio, Visual Studio, IntelliJ, etc. Fortify Static Code Analyzer notifies us on time if there are any security leaks. All the features are very beneficial once you know their proper functionalities, Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

The price of Fortify Static Code Analyzer is a bit high. Also, sometimes we can face troubleshooting issues. Other functionalities can also be improved to make it more handy and easy to use. Review collected by and hosted on G2.com.

Varun J.

Principal Consultant

Enterprise (> 1000 emp.)

9/21/2022

"Veteran & Powerful SCA tool"

4.5/5

What do you like best about OpenText Static Application Security Testing?

Fortify has been the first choice for doing secure (static) code analysis for many years because

1. Languages support - it supports both legacy and modern development languages.

2. Deployment Model - on-prem, cloud, Security as a service (FOD)

3. Technical support - Fortify not only helps the new onboarded customers with detailed documentation but also provides good trainings Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

There is a native issue of false positives with all the SCA tools. Which somehow decreases the value and increases the turn around time for finding the exact true positives Review collected by and hosted on G2.com.

Mohsin K.

Information Security Manager

Small-Business (50 or fewer emp.)

9/7/2022

"Absolute Stunner! Efficient IDE support in a SAST!"

4.5/5

What do you like best about OpenText Static Application Security Testing?

Friendly and Efficient Integrations - IntelliJ, VS, Android Studio, etc. Organized Dashboard and their absolutely wonderful reporting platform. It really helped us achieve our compliance goals! Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

Fortify should develop a DAST setup as well, this would really marginalize our input and time efficiency. Review collected by and hosted on G2.com.

Tejas P.

Sr. DevOps Engineer

Enterprise (> 1000 emp.)

9/15/2022

"efficient scanning tool"

3.5/5

What do you like best about OpenText Static Application Security Testing?

Exact pinpointing of issues in code and suggestions to fix them. Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

bit costly, also bit difficult to set up at intial. Review collected by and hosted on G2.com.

Mohammed Imran A.

DevOps Specialist

Mid-Market (51-1000 emp.)

9/7/2022

"This is a code scanning tool which does it job perfectly. it show the vulnerabilities in a code."

4/5

What do you like best about OpenText Static Application Security Testing?

It shows how to fix the vulnerable code. Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

i did not find the automatic way to create the projects. Review collected by and hosted on G2.com.

Abhishikt V.

Security Engineer 2

Enterprise (> 1000 emp.)

9/27/2022

"Experienced Security Test Engineer in the cloud security, Supplychain security, health care."

5/5

What do you like best about OpenText Static Application Security Testing?

Ease of using, deployment in CI/CD & the custom ruleset/report creation. Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

Heavily depends on JRE configs, which makes compiling & running slower. Review collected by and hosted on G2.com.

Vis C.

Software Security Technical Director

Enterprise (> 1000 emp.)

5/18/2022

"A worthy SAST product for any software's source code security"

4.5/5

What do you like best about OpenText Static Application Security Testing?

Wide range of programming language support, Ability to generate FPR files from CICD pipelines, Externalization of scans into another server for performance reasons. Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

Slow at times to complete at large number of files in a heavy software. Review collected by and hosted on G2.com.

Verified User in Computer Software

Enterprise (> 1000 emp.)

4/19/2022

"Fortify is best tool to scan source code"

5/5

What do you like best about OpenText Static Application Security Testing?

I like fortify to scan source code in deply. It will compile the code and find the vulnerabilities. No others tools compile the code scan. Most important thing is result. It will find all critical issues. Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

Sometimes it will show more duplicate issue. Developer should work on this and resolved it. Review collected by and hosted on G2.com.

Mohit G.

Asst. Vice President - Information Security

Enterprise (> 1000 emp.)

9/14/2021

"Value for Money"

4/5

What do you like best about OpenText Static Application Security Testing?

It is an on-prem solution and is compatible with most of the commonly used languages. It can get the scan results verified by an audit assistant that will further reduce the false positives. Very easy to install and can be deployed over windows or Linux machines. SSC module can be utilized for better reporting and tracking. Furthermore, it can be integrated with CI/CD pipelines for automated assessments. Review collected by and hosted on G2.com.

What do you dislike about OpenText Static Application Security Testing?

Reporting can be me more intelligent, and false positives are little on the higher side. Review collected by and hosted on G2.com.

What problems is OpenText Static Application Security Testing solving and how is that benefiting you?

Primarily used for Application source code assessments by integrating it with DevSecOps pipeline. That helps us to automate the assessment process and remediate the vulnerabilities in the early stages of the development. That enables the developers to release new features timely. Review collected by and hosted on G2.com.