# OpenText Static Application Security Testing Reviews
**Vendor:** OpenText  
**Category:** [Static Application Security Testing (SAST) Software](https://www.g2.com/categories/static-application-security-testing-sast)  
**Average Rating:** 4.5/5.0  
**Total Reviews:** 24
## About OpenText Static Application Security Testing
OpenText™ Static Application Security Testing (SAST) is a comprehensive solution designed to identify and remediate security vulnerabilities within an application's source code during the early stages of development. By analyzing code from the "inside out," SAST provides immediate feedback to developers, enabling them to address security issues promptly and effectively.

**Key Features and Functionality:**

- Extensive Language Support: Supports over 33 programming languages and more than 1,400 vulnerability categories, ensuring broad applicability across various development environments.
- Integration with Development Tools: Seamlessly integrates with popular Integrated Development Environments (IDEs) such as Eclipse, Visual Studio, and JetBrains, as well as Continuous Integration/Continuous Deployment (CI/CD) tools like Jenkins and Bamboo, facilitating a smooth incorporation into existing workflows.
- Scalable Deployment Options: Offers flexible deployment models, including on-premises, cloud-based, and Software as a Service (SaaS) solutions, allowing organizations to choose the setup that best fits their needs.
- Advanced Analysis Capabilities: Utilizes multiple algorithms and an expansive knowledge base of secure coding rules to perform thorough code analysis, pinpointing the root causes of vulnerabilities and providing detailed remediation guidance.

**Primary Value and Problem Solved:**

OpenText SAST empowers organizations to proactively manage application security by detecting and addressing vulnerabilities early in the Software Development Life Cycle (SDLC). This proactive approach reduces the risk of security breaches, minimizes the cost and effort associated with late-stage remediation, and enhances the overall security posture of applications. By integrating security testing into the development process, OpenText SAST helps developers create more secure code, leading to robust and reliable software products.



## OpenText Static Application Security Testing Pros & Cons
**What users like:**

- Users value the **easy integrations** with third-party tools in OpenText Static Application Security Testing, enhancing overall workflow efficiency. (1 review)
- Users value the **extensive integration capabilities** of OpenText Static Application Security Testing, enhancing their security workflow seamlessly. (1 review)
- Users appreciate the **extensive integration support** of OpenText Static Application Security Testing, enhancing compatibility with various tools. (1 review)

**What users dislike:**

- Users experience **few false positives**, which can hinder the testing process despite having an ignore feature. (1 review)

## OpenText Static Application Security Testing Reviews
  ### 1. Fortify Static Code Analyzer (SCA)

**Rating:** 4.0/5.0 stars

**Reviewed by:** Lokesh T. | Sr. Security Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** January 27, 2025

**What do you like best about OpenText Static Application Security Testing?**

Fortify SCA has large technology stack support; it supports more than 34+ languages for static analysis. It also has huge integration capabilities with other third-party tools.

**What do you dislike about OpenText Static Application Security Testing?**

It gives a few false positives, which I didn't like. But to manage false positives, we can make use of a feature called ignore the issues, where once an issue is ignored, it won't be available in further scans.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It is a powerful static analysis tool that helps in identifying vulnerabilities in 1st-party code. Also, for me it helped in building a DevSecOps pipeline.

  ### 2. efficient scanning tool

**Rating:** 3.5/5.0 stars

**Reviewed by:** Tejas P. | Sr. DevOps Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** September 15, 2022

**What do you like best about OpenText Static Application Security Testing?**

Exact pinpointing of issues in code and suggestions to fix them.

**What do you dislike about OpenText Static Application Security Testing?**

A bit costly, also a bit difficult to set up initially.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Source code analysis, finding a vulnerability.
Used it for security as well.

  ### 3. This is a code scanning tool which does its job perfectly. It shows the vulnerabilities in code.

**Rating:** 4.0/5.0 stars

**Reviewed by:** Mohammed Imran A. | DevOps Specialist, Mid-Market (51-1000 emp.)

**Reviewed Date:** September 07, 2022

**What do you like best about OpenText Static Application Security Testing?**

It shows how to fix the vulnerable code.

**What do you dislike about OpenText Static Application Security Testing?**

I did not find the automatic way to create the projects.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It helped me and my team to clean the code and upgrade the erroneous plugins in the code. Helped the code quality.

  ### 4. Value for Money

**Rating:** 4.0/5.0 stars

**Reviewed by:** Mohit G. | Asst. Vice President - Information Security, Enterprise (> 1000 emp.)

**Reviewed Date:** September 14, 2021

**What do you like best about OpenText Static Application Security Testing?**

It is an on-prem solution and is compatible with most of the commonly used languages. It can get the scan results verified by an audit assistant that will further reduce the false positives. Very easy to install and can be deployed over windows or Linux machines. SSC module can be utilized for better reporting and tracking. Furthermore, it can be integrated with CI/CD pipelines for automated assessments.

**What do you dislike about OpenText Static Application Security Testing?**

Reporting can be more intelligent, and false positives are a little on the higher side.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Primarily used for Application source code assessments by integrating it with DevSecOps pipeline. That helps us to automate the assessment process and remediate the vulnerabilities in the early stages of the development. That enables the developers to release new features timely.

  ### 5. Good coverage in terms of multiple language support

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** March 23, 2021

**What do you like best about OpenText Static Application Security Testing?**

Liked that it supports multiple languages, which comes at a lower price compared to other commercial SAST tools.

**What do you dislike about OpenText Static Application Security Testing?**

When it comes to detection, found a couple of false positives, for example: found quite a few null pointer exceptions which turned out to be incorrect.

**Recommendations to others considering OpenText Static Application Security Testing:**

It's obviously better than the open source tools available in the market. However, our need was to go for specific language based assessment.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Our need for a commercial SAST tool was satisfied using Fortify.
The reports were neat and easy to understand, plus the duration of the scans was fast compared to the other SAST tools in the market.

  ### 6. Great security features especially for cloud-based infrastructure.

**Rating:** 4.0/5.0 stars

**Reviewed by:** ghariza e. | Security Engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** March 19, 2021

**What do you like best about OpenText Static Application Security Testing?**

Code scan duration is quite fast and the result is quite detailed.

**What do you dislike about OpenText Static Application Security Testing?**

Integration process is very complicated.

**Recommendations to others considering OpenText Static Application Security Testing:**

SaaS solution would be more useful and easy to use.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Security flaws and misconfiguration and vulnerability on the development phase.

  ### 7. Great

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Higher Education | Small-Business (50 or fewer emp.)

**Reviewed Date:** April 12, 2021

**What do you like best about OpenText Static Application Security Testing?**

It always pinpoints the security vulnerabilities!

**What do you dislike about OpenText Static Application Security Testing?**

Nothing so far based on my experience.

**Recommendations to others considering OpenText Static Application Security Testing:**

Should give it a try!

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

It always provides detailed guidance on how to fix them so we can resolve the issues in less time.

  ### 8. Most updated Static Code Analyser

**Rating:** 4.0/5.0 stars

**Reviewed by:** Verified User in Computer & Network Security | Small-Business (50 or fewer emp.)

**Reviewed Date:** March 22, 2021

**What do you like best about OpenText Static Application Security Testing?**

Can be integrated with CI/CD, which reduces a lot of manual work. Scans are fast and not time consuming.

**What do you dislike about OpenText Static Application Security Testing?**

Must include a Docker file scanning mechanism.

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Scans are done automatically and timely

  ### 9. fortify SCA

**Rating:** 4.0/5.0 stars

**Reviewed by:** Maggie Z. | Mid-Market (51-1000 emp.)

**Reviewed Date:** August 18, 2020

**What do you like best about OpenText Static Application Security Testing?**

detailed instruction/recommendation for code issues, easy to use

**What do you dislike about OpenText Static Application Security Testing?**

the product is pretty new to me, it seems easy to learn, provides lots of benefits to secure code

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

find bugs in the application, realize that secure app code is really important

  ### 10. very useful for devops cycle and easy to operate

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Banking | Small-Business (50 or fewer emp.)

**Reviewed Date:** August 25, 2020

**What do you like best about OpenText Static Application Security Testing?**

Fortify SCA can directly detect vulnerabilities while coding if using the plugin, and it's very useful.

**What do you dislike about OpenText Static Application Security Testing?**

Upgrading SCA must coincide with SSC and database

**What problems is OpenText Static Application Security Testing solving and how is that benefiting you?**

Several vulnerabilities in the mobile application that could prevent SQL injection


## OpenText Static Application Security Testing Discussions
  - [will provide Video training course for this tool?](https://www.g2.com/discussions/49959-will-provide-video-training-course-for-this-tool) - 1 comment, 1 upvote
  - [What are the main components of Fortify?](https://www.g2.com/discussions/fortify-static-code-analyzer-what-are-the-main-components-of-fortify) - 1 comment


## OpenText Static Application Security Testing Features
**Administration**
- API / Integrations
- Extensibility

**Agentic AI - Static Code Analysis**
- Adaptive Learning
- Natural Language Interaction
- Proactive Assistance

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top OpenText Static Application Security Testing Alternatives
  - [SonarQube](https://www.g2.com/products/sonarqube/reviews) - 4.4/5.0 (140 reviews)
  - [Coverity](https://www.g2.com/products/coverity/reviews) - 4.2/5.0 (55 reviews)
  - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) - 4.2/5.0 (32 reviews)

