# OpenText Static Application Security Testing Reviews
**Vendor:** OpenText  
**Category:** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)  
**Average Rating:** 4.5/5.0  
**Total Reviews:** 24
## About OpenText Static Application Security Testing
OpenText™ Static Application Security Testing (SAST) is a comprehensive solution designed to identify and remediate security vulnerabilities within an application's source code during the early stages of development. By analyzing code from the "inside out," SAST provides immediate feedback to developers, enabling them to address security issues promptly and effectively.

**Key Features and Functionality:**

- Extensive Language Support: Supports over 33 programming languages and more than 1,400 vulnerability categories, ensuring broad applicability across various development environments.
- Integration with Development Tools: Seamlessly integrates with popular Integrated Development Environments (IDEs) such as Eclipse, Visual Studio, and JetBrains, as well as Continuous Integration/Continuous Deployment (CI/CD) tools like Jenkins and Bamboo, facilitating a smooth incorporation into existing workflows.
- Scalable Deployment Options: Offers flexible deployment models, including on-premises, cloud-based, and Software as a Service (SaaS) solutions, allowing organizations to choose the setup that best fits their needs.
- Advanced Analysis Capabilities: Utilizes multiple algorithms and an expansive knowledge base of secure coding rules to perform thorough code analysis, pinpointing the root causes of vulnerabilities and providing detailed remediation guidance.

**Primary Value and Problem Solved:** OpenText SAST empowers organizations to proactively manage application security by detecting and addressing vulnerabilities early in the Software Development Life Cycle (SDLC). This proactive approach reduces the risk of security breaches, minimizes the cost and effort associated with late-stage remediation, and enhances the overall security posture of applications. By integrating security testing into the development process, OpenText SAST helps developers create more secure code, leading to robust and reliable software products.



## OpenText Static Application Security Testing Pros & Cons
**What users like:**

- Users value the **easy integrations** with third-party tools in OpenText Static Application Security Testing, enhancing overall workflow efficiency. (1 review)
- Users value the **extensive integration capabilities** of OpenText Static Application Security Testing, enhancing their security workflow seamlessly. (1 review)
- Users appreciate the **extensive integration support** of OpenText Static Application Security Testing, enhancing compatibility with various tools. (1 review)

**What users dislike:**

- Users experience **few false positives**, which can hinder the testing process despite having an ignore feature. (1 review)

## OpenText Static Application Security Testing Reviews
  ### 1. Fortify Static Code Analyzer (SCA)

**Rating:** 4.0/5.0 stars

**Reviewed by:** Lokesh T. | Sr. Security Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** January 27, 2025

**What do you like best about OpenText Static Application Security Testing?**

Fortify SCA has large technology stack support. It supports more than 34+ languages for static analysis. It also has huge integration capabilities with other third-party tools.

**What do you dislike about OpenText Static Application Security Testing?**

It gives a few false positives, which I didn't like. But to manage false positives, we can make use of a feature to ignore the issues, where once an issue is ignored, it won't be available in further scans.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It is a powerful static analysis tool that helps in identifying vulnerabilities in 1st part code. It also helped me in building a DevSecOps pipeline.

  ### 2. Efficient and easy to use Code Analyzer

**Rating:** 4.5/5.0 stars

**Reviewed by:** Nav N. | IT Consultant, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 27, 2022

**What do you like best about OpenText Static Application Security Testing?**

Fortify is an excellent code analyzer. Its plugins are handy as compared to other solutions. It can quickly and accurately identify errors. We can efficiently address critical errors and warnings. It can scan the code in real time. Fortify Static Code Analyzer is handy for CI/CD programs. We can resolve the issues quickly at the development level. It is efficient and time-saving also. It can be easily integrated with Android Studio, Visual Studio, IntelliJ, etc. Fortify Static Code Analyzer notifies us on time if there are any security leaks. All the features are very beneficial once you know their proper functionalities.

**What do you dislike about OpenText Static Application Security Testing?**

The price of Fortify Static Code Analyzer is a bit high. Also, sometimes we can face troubleshooting issues. Other functionalities can also be improved to make it more handy and easy to use.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It helps to fix coding errors in real time. The dashboard is easy to use to keep track of all mistakes and security risks. Development and deployment have become much simpler and easier. It also saves a lot of time.

  ### 3. Veteran & Powerful SCA tool

**Rating:** 4.5/5.0 stars

**Reviewed by:** Varun J. | Principal Consultant, Enterprise (> 1000 emp.)

**Reviewed Date:** September 21, 2022

**What do you like best about OpenText Static Application Security Testing?**

Fortify has been the first choice for doing secure (static) code analysis for many years because
1. Languages support - it supports both legacy and modern development languages.
2. Deployment Model - on-prem, cloud, Security as a service (FOD)
3. Technical support - Fortify not only helps the new onboarded customers with detailed documentation but also provides good trainings

**What do you dislike about OpenText Static Application Security Testing?**

There is a native issue of false positives with all the SCA tools, which somehow decreases the value and increases the turnaround time for finding the exact true positives.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Fortify integrates with the CI/CD pipeline, which helps to write secure code, and its plugin for various IDEs gives the developers early feedback, so that the application being deployed in production is vulnerability free and more secure.

  ### 4. Absolute Stunner! Efficient IDE support in a SAST!

**Rating:** 4.5/5.0 stars

**Reviewed by:** Mohsin K. | Information Security Manager, Small-Business (50 or fewer emp.)

**Reviewed Date:** September 07, 2022

**What do you like best about OpenText Static Application Security Testing?**

Friendly and Efficient Integrations - IntelliJ, VS, Android Studio, etc. Organized Dashboard and their absolutely wonderful reporting platform. It really helped us achieve our compliance goals!

**What do you dislike about OpenText Static Application Security Testing?**

Fortify should develop a DAST setup as well, this would really marginalize our input and time efficiency.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Compliance
Risk Management
Development Efficiency

Fortify provides us with absolute defense.

  ### 5. efficient scanning tool

**Rating:** 3.5/5.0 stars

**Reviewed by:** Tejas P. | Sr. DevOps Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** September 15, 2022

**What do you like best about OpenText Static Application Security Testing?**

Exact pinpointing of issues in code and suggestions to fix them.

**What do you dislike about OpenText Static Application Security Testing?**

A bit costly, also a bit difficult to set up initially.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Source code analysis, finding a vulnerability.
Used it for security as well.

  ### 6. This is a code scanning tool which does its job perfectly. It shows the vulnerabilities in code.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Mohammed Imran A. | DevOps Specialist, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 07, 2022

**What do you like best about OpenText Static Application Security Testing?**

It shows how to fix the vulnerable code.

**What do you dislike about OpenText Static Application Security Testing?**

I did not find the automatic way to create the projects.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It helped me and my team to clean the code and upgrade the erroneous plugins in the code. Helped the code quality.

  ### 7. Experienced Security Test Engineer in cloud security, supply chain security, health care.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Abhishikt V. | Security Engineer 2, Enterprise (> 1000 emp.)

**Reviewed Date:** September 27, 2022

**What do you like best about OpenText Static Application Security Testing?**

Ease of using, deployment in CI/CD & the custom ruleset/report creation.

**What do you dislike about OpenText Static Application Security Testing?**

Heavily depends on JRE configs, which makes compiling & running slower.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Static Security code analysis

  ### 8. A worthy SAST product for any software's source code security

**Rating:** 4.5/5.0 stars

**Reviewed by:** Vis C. | Software Security Technical Director, Enterprise (> 1000 emp.)

**Reviewed Date:** May 18, 2022

**What do you like best about OpenText Static Application Security Testing?**

Wide range of programming language support, Ability to generate FPR files from CICD pipelines, Externalization of scans into another server for performance reasons.

**What do you dislike about OpenText Static Application Security Testing?**

Slow at times to complete for a large number of files in heavy software.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Security of software source code. SAST!

  ### 9. Fortify is best tool to scan source code

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** April 19, 2022

**What do you like best about OpenText Static Application Security Testing?**

I like Fortify to scan source code deeply. It will compile the code and find the vulnerabilities. No other tools compile the code for the scan. The most important thing is the result. It will find all critical issues.

**What do you dislike about OpenText Static Application Security Testing?**

Sometimes it will show more duplicate issues. The developer should work on this and resolve it.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Fortify finds all the low to critical risk issues and makes the application secure. It also provides a very simple report so the developer can understand the remediation and fix it.

  ### 10. Value for Money

**Rating:** 4.0/5.0 stars

**Reviewed by:** Mohit G. | Asst. Vice President - Information Security, Enterprise (> 1000 emp.)

**Reviewed Date:** September 14, 2021

**What do you like best about OpenText Static Application Security Testing?**

It is an on-prem solution and is compatible with most of the commonly used languages. It can get the scan results verified by an audit assistant that will further reduce the false positives. Very easy to install and can be deployed over windows or Linux machines. SSC module can be utilized for better reporting and tracking. Furthermore, it can be integrated with CI/CD pipelines for automated assessments.

**What do you dislike about OpenText Static Application Security Testing?**

Reporting can be more intelligent, and false positives are a little on the higher side.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Primarily used for Application source code assessments by integrating it with DevSecOps pipeline. That helps us to automate the assessment process and remediate the vulnerabilities in the early stages of the development. That enables the developers to release new features timely.

  ### 11. Must have to secure your Modern Cloud Applications

**Rating:** 5.0/5.0 stars

**Reviewed by:** Jobin T. | Software Engineer II, Enterprise (> 1000 emp.)

**Reviewed Date:** March 25, 2021

**What do you like best about OpenText Static Application Security Testing?**

The ease of use and an intuitive UI makes using the Fortify Static Code Analyzer quite easy for people who are new to it. A topic as complex as Security becomes manageable as the tool provides detailed reports on what the vulnerabilities are with their severity level and quite an extensive description of what is causing the vulnerability and recommendations to fix it. This makes life for the developers who might be new to Security.

**What do you dislike about OpenText Static Application Security Testing?**

Some newer language syntax of certain languages like Java 8+ might not be understood by Fortify, which leads to false positives. Also, certain non-fixable vulnerabilities for which exceptions were provided would pop back up once in a while, which is a bit annoying.

**Recommendations to others considering OpenText Static Application Security Testing:**

It's an amazing tool to start your journey towards making your application secure.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

We majorly solve security vulnerabilities that could be caused due to bad programming on our front and also weed out open source libraries that we use which could introduce vulnerabilities through their transient dependencies. Also as the vulnerability list keeps getting updated regularly we are made aware of any new issue that was recently reported allowing us to keep our application secure proactively.

  ### 12. Best Tool for Code Testing

**Rating:** 5.0/5.0 stars

**Reviewed by:** Touseeq Ali H. | Junior DevOps Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** March 29, 2021

**What do you like best about OpenText Static Application Security Testing?**

It supports nearly all programming languages, the process of testing is very easy, and every new update makes it more functional. All the vulnerabilities of all languages are being updated on time.

**What do you dislike about OpenText Static Application Security Testing?**

Sometimes it gives false positives, so we need to recheck it with other tools. Please improve the vulnerability identification.

**Recommendations to others considering OpenText Static Application Security Testing:**

If you want a compact and easy-to-use tool for code testing, then this is the one for you.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Due to this tool, we can say our DevOps becomes DevSecOps. Our code is secure, pipelines are running smoothly. We are increasing our product performance and its functionality.

  ### 13. Awesome static code analyzer tool

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 19, 2021

**What do you like best about OpenText Static Application Security Testing?**

The tool is really good. I especially liked the AI feature. The machine learning used is really good.

**What do you dislike about OpenText Static Application Security Testing?**

Need to improve on false positives. Sometimes it gives general results for all the languages. For example, some vulnerability is not applicable for Java but it will show. So need to improve on that part.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It helps me a lot in my SAST part. I review many scan results. Sometimes for quick results I can use the AI feature.

  ### 14. Good coverage in terms of multiple language support

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 23, 2021

**What do you like best about OpenText Static Application Security Testing?**

Liked that it supports multiple languages, which comes with a lower price as compared to other commercial SAST tools.

**What do you dislike about OpenText Static Application Security Testing?**

When it comes to detection, found a couple of false positives, for example: found quite a few null pointer exceptions which turned out to be incorrect.

**Recommendations to others considering OpenText Static Application Security Testing:**

It's obviously better than the open source tools available in the market. However, our need was to go for specific language based assessment.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Our need of having a commercial SAST tool was satisfied using Fortify.
The reports were neat and easy to understand, plus the time duration of the scans was fast compared to the other SAST tools in the market.

  ### 15. One of the trusted tools we use in our pipeline. Highly recommended.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.)

**Reviewed Date:** March 24, 2021

**What do you like best about OpenText Static Application Security Testing?**

We like 
1. the ease of onboarding
2. the ease of using it in the command line
3. How it integrates with GitLab CI and Jenkins seamlessly
4. The pdf report is useful to present the output to stakeholders and for auditing.

**What do you dislike about OpenText Static Application Security Testing?**

We rarely use dashboard. Since there are offshore and onshore restrictions, it is hard to give roles in the site.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

We are trying to be compliant with the company-wide security policies. Our organization highly recommends using Fortify in our CI pipeline. The process of integrating Fortify was rewarding, we fixed a lot of issues and learnt more from the report and insights.

  ### 16. A different static code review tool with additional customizable options.

**Rating:** 4.5/5.0 stars

**Reviewed by:** Asad B. | DevSecOps Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** March 22, 2021

**What do you like best about OpenText Static Application Security Testing?**

I like the fact that the tool gives a detailed description of the highlighted issues and it's very cost effective.
Also better than Checkmarx and WhiteHat Security.

**What do you dislike about OpenText Static Application Security Testing?**

Nothing much until now. Overall it's a great tool compared to what I have reviewed before.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

I am using it for reviewing the in house applications of the company.

  ### 17. Great security features especially for cloud-based infrastructure.

**Rating:** 4.0/5.0 stars

**Reviewed by:** ghariza e. | Security Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** March 19, 2021

**What do you like best about OpenText Static Application Security Testing?**

Code scan duration is quite fast and the result is quite detailed.

**What do you dislike about OpenText Static Application Security Testing?**

Integration process is very complicated.

**Recommendations to others considering OpenText Static Application Security Testing:**

SaaS solution would be more useful and easy to use.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Security flaws and misconfiguration and vulnerability on the development phase.

  ### 18. The Best among the breed

**Rating:** 5.0/5.0 stars

**Reviewed by:** Santhosh K. | Member, Enterprise (> 1000 emp.)

**Reviewed Date:** July 08, 2020

**What do you like best about OpenText Static Application Security Testing?**

When it comes to application security you cannot neglect the giant Micro Focus Fortify. They offer a suite of products such as Fortify SCA, SSC, Audit Workbench, Application Defender, Web Inspect, and their cloud offering Fortify OnDemand to combat security threats for every type of organization. The most striking features of their Fortify are a good number of supported languages, a wide variety of integration capabilities with IDEs and build servers (Jenkins, Bamboo, Visual Studio, Gradle & Make), and integration with various bug trackers such as Bugzilla, Jira, ALM Octane.

**What do you dislike about OpenText Static Application Security Testing?**

Analysis of COTS products will be a challenge with Fortify SCA. But there are other solutions such as Fortify Application Defender to deal with security of COTS products.

**Recommendations to others considering OpenText Static Application Security Testing:**

Go for Fortify. This is the best solution in the market as per my analysis and it had proved to be the best in the breed so far. I have implemented it in most of the organisations I have worked in.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Application security vulnerabilities are the major problem we face that cannot be protected by traditional security practices.

  ### 19. Great

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Higher Education | Small-Business (50 or fewer emp.)

**Reviewed Date:** April 12, 2021

**What do you like best about OpenText Static Application Security Testing?**

It always pinpoints the security vulnerabilities!

**What do you dislike about OpenText Static Application Security Testing?**

Nothing so far based on my experience.

**Recommendations to others considering OpenText Static Application Security Testing:**

Should give it a try!

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It always provides detailed guidance on how to fix them so we can resolve the issues in less time.

  ### 20. Most updated Static Code Analyser

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 22, 2021

**What do you like best about OpenText Static Application Security Testing?**

Can be integrated with CI/CD, which reduces lots of manual work. Scans are fast and not time consuming.

**What do you dislike about OpenText Static Application Security Testing?**

Must include docker files scanning mechanism

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Scans are done automatically and timely

  ### 21. simple and powerful

**Rating:** 5.0/5.0 stars

**Reviewed by:** Katja C. | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 02, 2020

**What do you like best about OpenText Static Application Security Testing?**

Many different reports, explanations and recommendations on vulnerabilities, custom scripts, custom rules...

**What do you dislike about OpenText Static Application Security Testing?**

I recommend to have a hands on class or watch a detailed tutorial before starting to use the product.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

We are helping clients to set up an environment for source code analysis during their application development. We experienced that interpretation of results is simple.

  ### 22. fortify SCA

**Rating:** 4.0/5.0 stars

**Reviewed by:** Maggie Z. | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 18, 2020

**What do you like best about OpenText Static Application Security Testing?**

detailed instruction/recommendation for code issues, easy to use

**What do you dislike about OpenText Static Application Security Testing?**

the product is pretty new to me, it seems easy to learn, provides lots of benefits to secure code

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

find bugs in the application, realize that secure app code is really important

  ### 23. Review of Micro Focus Fortify Static Code Analyzer

**Rating:** 5.0/5.0 stars

**Reviewed by:** Najeeb S. | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 19, 2020

**What do you like best about OpenText Static Application Security Testing?**

Integrations with other programming languages.

**What do you dislike about OpenText Static Application Security Testing?**

Dated interface, except for smart view.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Business requirement.

  ### 24. very useful for devops cycle and easy to operate

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Banking | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 25, 2020

**What do you like best about OpenText Static Application Security Testing?**

Fortify SCA can directly detect vulnerabilities while coding if using the plugin, and it's very useful.

**What do you dislike about OpenText Static Application Security Testing?**

Upgrading SCA must coincide with SSC and database

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Several vulnerabilities in the mobile application that could prevent SQL injection


## OpenText Static Application Security Testing Discussions
  - [will provide Video training course for this tool?](https://www.g2.com/discussions/49959-will-provide-video-training-course-for-this-tool) - 1 comment, 1 upvote
  - [What are the main components of Fortify?](https://www.g2.com/discussions/fortify-static-code-analyzer-what-are-the-main-components-of-fortify) - 1 comment


## OpenText Static Application Security Testing Features
**Administration**
- API / Integrations
- Extensibility

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top OpenText Static Application Security Testing Alternatives
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (140 reviews)
  - [Coverity](https://www.g2.com/products/coverity/reviews) - 4.2/5.0 (55 reviews)
  - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) - 4.2/5.0 (32 reviews)

