# OpenText Static Application Security Testing Reviews
**Vendor:** OpenText  
**Category:** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)  
**Average Rating:** 4.5/5.0  
**Total Reviews:** 24
## About OpenText Static Application Security Testing
OpenText™ Static Application Security Testing (SAST) is a comprehensive solution designed to identify and remediate security vulnerabilities within an application's source code during the early stages of development. By analyzing code from the "inside out," SAST provides immediate feedback to developers, enabling them to address security issues promptly and effectively.

**Key Features and Functionality:**

- Extensive Language Support: Supports over 33 programming languages and more than 1,400 vulnerability categories, ensuring broad applicability across various development environments.
- Integration with Development Tools: Seamlessly integrates with popular Integrated Development Environments (IDEs) such as Eclipse, Visual Studio, and JetBrains, as well as Continuous Integration/Continuous Deployment (CI/CD) tools like Jenkins and Bamboo, facilitating a smooth incorporation into existing workflows.
- Scalable Deployment Options: Offers flexible deployment models, including on-premises, cloud-based, and Software as a Service (SaaS) solutions, allowing organizations to choose the setup that best fits their needs.
- Advanced Analysis Capabilities: Utilizes multiple algorithms and an expansive knowledge base of secure coding rules to perform thorough code analysis, pinpointing the root causes of vulnerabilities and providing detailed remediation guidance.

**Primary Value and Problem Solved:** OpenText SAST empowers organizations to proactively manage application security by detecting and addressing vulnerabilities early in the Software Development Life Cycle (SDLC). This proactive approach reduces the risk of security breaches, minimizes the cost and effort associated with late-stage remediation, and enhances the overall security posture of applications. By integrating security testing into the development process, OpenText SAST helps developers create more secure code, leading to robust and reliable software products.



## OpenText Static Application Security Testing Pros & Cons
**What users like:**

- Users value the **easy integrations** of OpenText Static Application Security Testing, enhancing compatibility with various third-party tools. (1 review)
- Users value the **extensive integration capabilities** of OpenText Static Application Security Testing, enhancing their workflow with various tools. (1 review)
- Users appreciate the **large technology stack support** of OpenText Static Application Security Testing, enhancing integration with various tools. (1 review)

**What users dislike:**

- Users find the **false positives** frustrating, but appreciate the option to ignore them in future scans. (1 review)

## OpenText Static Application Security Testing Reviews
  ### 1. Efficient and easy to use Code Analyzer

**Rating:** 4.5/5.0 stars

**Reviewed by:** Nav N. | IT Consultant, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 27, 2022

**What do you like best about OpenText Static Application Security Testing?**

Fortify is an excellent code analyzer. Its plugins are handy as compared to other solutions. It can quickly and accurately identify errors. We can efficiently address critical errors and warnings. It can scan the code in real time. Fortify Static Code Analyzer is handy for CI/CD programs. We can resolve the issues quickly at the development level. It is efficient and time-saving also. It can be easily integrated with Android Studio, Visual Studio, IntelliJ, etc. Fortify Static Code Analyzer notifies us on time if there are any security leaks. All the features are very beneficial once you know their proper functionalities.

**What do you dislike about OpenText Static Application Security Testing?**

The price of Fortify Static Code Analyzer is a bit high. Also, sometimes we can face troubleshooting issues. Other functionalities can also be improved to make it more handy and easy to use.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It helps to fix coding errors in real time. The dashboard is easy to use to keep track of all mistakes and security risks. Development and Deployment have become much simpler and easier. It also saves a lot of time.

  ### 2. Veteran & Powerful SCA tool

**Rating:** 4.5/5.0 stars

**Reviewed by:** Varun J. | Principal Consultant, Enterprise (> 1000 emp.)

**Reviewed Date:** September 21, 2022

**What do you like best about OpenText Static Application Security Testing?**

Fortify has been the first choice for doing secure (static) code analysis for many years because:
1. Language support - it supports both legacy and modern development languages.
2. Deployment Model - on-prem, cloud, Security as a service (FOD)
3. Technical support - Fortify not only helps the newly onboarded customers with detailed documentation but also provides good training.

**What do you dislike about OpenText Static Application Security Testing?**

There is a native issue of false positives with all the SCA tools, which somehow decreases the value and increases the turnaround time for finding the exact true positives.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Fortify integrates with the CI/CD pipeline, which helps to write secure code, and its plugin for various IDEs gives the developers early feedback, so that the application being deployed in production is vulnerability free and more secure.

  ### 3. Absolute Stunner! Efficient IDE support in a SAST!

**Rating:** 4.5/5.0 stars

**Reviewed by:** Mohsin K. | Information Security Manager, Small-Business (50 or fewer emp.)

**Reviewed Date:** September 07, 2022

**What do you like best about OpenText Static Application Security Testing?**

Friendly and Efficient Integrations - IntelliJ, VS, Android Studio, etc. Organized Dashboard and their absolutely wonderful reporting platform. It really helped us achieve our compliance goals!

**What do you dislike about OpenText Static Application Security Testing?**

Fortify should develop a DAST setup as well, this would really marginalize our input and time efficiency.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Compliance
Risk Management
Development Efficiency

Fortify provides us with absolute defense.

  ### 4. Experienced Security Test Engineer in the cloud security, Supplychain security, health care.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Abhishikt V. | Security Engineer 2, Enterprise (> 1000 emp.)

**Reviewed Date:** September 27, 2022

**What do you like best about OpenText Static Application Security Testing?**

Ease of use, deployment in CI/CD & the custom ruleset/report creation.

**What do you dislike about OpenText Static Application Security Testing?**

Heavily depends on JRE configs, which makes compiling & running slower.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Static Security code analysis

  ### 5. A worthy SAST product for any software's source code security

**Rating:** 4.5/5.0 stars

**Reviewed by:** Vis C. | Software Security Technical Director, Enterprise (> 1000 emp.)

**Reviewed Date:** May 18, 2022

**What do you like best about OpenText Static Application Security Testing?**

Wide range of programming language support, Ability to generate FPR files from CICD pipelines, Externalization of scans into another server for performance reasons.

**What do you dislike about OpenText Static Application Security Testing?**

Slow at times to complete on a large number of files in heavy software.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Security of software source code. SAST!

  ### 6. Fortify is best tool to scan source code

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** April 19, 2022

**What do you like best about OpenText Static Application Security Testing?**

I like Fortify to scan source code deeply. It will compile the code and find the vulnerabilities. No other tools compile the code scan. The most important thing is the result. It will find all critical issues.

**What do you dislike about OpenText Static Application Security Testing?**

Sometimes it will show more duplicate issues. The developer should work on this and resolve it.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Fortify finds all the low to critical risk issues and makes the application secure. As well, it will provide a very simple report so that the developer should understand the remediation and fix it.

  ### 7. Must have to secure your Modern Cloud Applications

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jobin T. | Software Engineer II, Enterprise (> 1000 emp.)

**Reviewed Date:** March 25, 2021

**What do you like best about OpenText Static Application Security Testing?**

The ease of use and an intuitive UI makes using the Fortify Static Code Analyzer quite easy for people who are new to it. A topic as complex as Security becomes manageable as the tool provides detailed reports on what the vulnerabilities are with their severity level and quite an extensive description of what is causing the vulnerability and recommendations to fix it. This makes life for the developers who might be new to Security.

**What do you dislike about OpenText Static Application Security Testing?**

Some newer language syntax of certain languages like Java 8+ might not be understood by Fortify which leads to false positives. Also, certain non-fixable vulnerabilities for which exceptions were provided would pop back up once in a while, which is a bit annoying.

**Recommendations to others considering OpenText Static Application Security Testing:**

It's an amazing tool to start your journey towards making your application secure.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

We majorly solve security vulnerabilities that could be caused due to bad programming on our front and also weed out open source libraries that we use which could introduce vulnerabilities through their transient dependencies. Also as the vulnerability list keeps getting updated regularly we are made aware of any new issue that was recently reported allowing us to keep our application secure proactively.

  ### 8. Best Tool for Code Testing

**Rating:** 5.0/5.0 stars

**Reviewed by:** Touseeq Ali H. | Junior DevOps Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** March 29, 2021

**What do you like best about OpenText Static Application Security Testing?**

It supports nearly all programming languages, the process of testing is very easy, every new update makes it more functional. All the vulnerabilities of all languages are being updated on time.

**What do you dislike about OpenText Static Application Security Testing?**

Sometimes it gives false positives, so we need to recheck it with other tools. Please improve the vulnerability identification.

**Recommendations to others considering OpenText Static Application Security Testing:**

If you want a compact and easy-to-use tool for code testing, then this is the one for you.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Due to this tool, we can say our DevOps becomes DevSecOps. Our code is secure, pipelines running smoothly. We are increasing our product performance and its functionality.

  ### 9. Awesome static code analyzer tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 19, 2021

**What do you like best about OpenText Static Application Security Testing?**

The tool is really good. I especially liked the AI feature. The machine learning used is really good.

**What do you dislike about OpenText Static Application Security Testing?**

Need to improve on false positives. Sometimes results give general results for all the languages. For example, some vulnerability is not applicable for Java but it will show. So need to improve on that part.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It helps me a lot in my SAST part. I do reviews of many scan results. Sometimes for quick results I can use the AI feature.

  ### 10. One of the trusted tools we use in our pipeline. Highly recommended.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.)

**Reviewed Date:** March 24, 2021

**What do you like best about OpenText Static Application Security Testing?**

We like:
1. The ease of onboarding
2. The ease of using it on the command line
3. How it integrates with GitLab CI and Jenkins seamlessly
4. The PDF report is useful to present the output to stakeholders and for auditing.

**What do you dislike about OpenText Static Application Security Testing?**

We rarely use dashboard. Since there are offshore and onshore restrictions, it is hard to give roles in the site.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

We are trying to be compliant with the company-wide security policies. Our organization highly recommends using Fortify in our CI pipeline. The process of integrating Fortify was rewarding, we fixed a lot of issues and learnt more from the report and insights.

  ### 11. A different static code review tool with additional customizable options.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Asad B. | DevSecOps Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** March 22, 2021

**What do you like best about OpenText Static Application Security Testing?**

I like the fact that the tool gives a detailed description of the highlighted issues and it's very cost-effective.
Also better than Checkmarx and WhiteHat Security.

**What do you dislike about OpenText Static Application Security Testing?**

Nothing much until now. Overall it's a better tool than what I have reviewed before.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

I am using it for reviewing the in house applications of the company.

  ### 12. The Best among the breed

**Rating:** 5.0/5.0 stars

**Reviewed by:** Santhosh K. | Member, Enterprise (> 1000 emp.)

**Reviewed Date:** July 08, 2020

**What do you like best about OpenText Static Application Security Testing?**

When it comes to application security you cannot neglect the GIANT Micro Focus Fortify. They offer a suite of products such as Fortify SCA, SSC, Audit Workbench, Application Defender, Web Inspect, and their cloud offering Fortify OnDemand to combat security threats for every type of organization. The most striking features of their Fortify are a good number of supported languages, a wide variety of integration capabilities with IDEs and build servers (Jenkins, Bamboo, Visual Studio, Gradle & Make), and integration with various bug trackers such as Bugzilla, Jira, ALM Octane.

**What do you dislike about OpenText Static Application Security Testing?**

Analysis of COTS products will be a challenge with Fortify SCA. But there are other solutions such as Fortify Application Defender to deal with the security of COTS products.

**Recommendations to others considering OpenText Static Application Security Testing:**

Go for Fortify. This is the best solution in the market as per my analysis and it had proved to be the best in the breed so far. I have implemented it in most of the organisations I have worked in.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Application security vulnerabilities are the major problem we face that cannot be protected by traditional security practices.

  ### 13. simple and powerful

**Rating:** 5.0/5.0 stars

**Reviewed by:** Katja C. | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 02, 2020

**What do you like best about OpenText Static Application Security Testing?**

Many different reports, explanations and recommendations on vulnerabilities, custom scripts, custom rules...

**What do you dislike about OpenText Static Application Security Testing?**

I recommend having a hands-on class or watching a detailed tutorial before starting to use the product.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

We are helping clients to set up an environment for source code analysis during their application development. We experienced that interpretation of results is simple.

  ### 14. Review of Micro Focus Fortify Static Code Analyzer

**Rating:** 5.0/5.0 stars

**Reviewed by:** Najeeb S. | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 19, 2020

**What do you like best about OpenText Static Application Security Testing?**

Integrations with other programming languages.

**What do you dislike about OpenText Static Application Security Testing?**

Dated interface, except for smart view.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Business requirement.


## OpenText Static Application Security Testing Discussions
  - [will provide Video training course for this tool?](https://www.g2.com/discussions/49959-will-provide-video-training-course-for-this-tool) - 1 comment, 1 upvote
  - [What are the main components of Fortify?](https://www.g2.com/discussions/fortify-static-code-analyzer-what-are-the-main-components-of-fortify) - 1 comment


## OpenText Static Application Security Testing Features
**Administration**
- API / Integrations
- Extensibility

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top OpenText Static Application Security Testing Alternatives
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (139 reviews)
  - [Coverity](https://www.g2.com/products/coverity/reviews) - 4.2/5.0 (55 reviews)
  - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) - 4.2/5.0 (32 reviews)

