Name: Static Application Security Testing: Fortify Static Code Analyzer | Micro Focus
Brand: Micro Focus

Fortify Static Code Analyzer

Build secure software fast. Find security issues early and fix at the speed of DevOps.

Automated static code analysis helps developers eliminate vulnerabilities and build secure software.

Code securely with integrated SAST

Developers find and fix security defects in real-time during the coding process, with integrations to IDEs. Learn more.

Cover languages that developers use

Gain comprehensive, accurate language coverage and enable compliance. Learn more.

Launch fast, automated scans

Launch automated scans optimized for coverage or speed. Learn more.

Fix at the speed of DevOps

Drill into the source code details with our rich analysis results, which enable you to quickly triage and fix complex security issues. Learn more.

Automate security within CI/CD

Automate scans to enable developers on security. Learn more.

Scale your AppSec program

Secure custom and open source code with fast and highly optimized static scans. Learn more.

Dive deeper. Discover more.

Code securely with integrated SAST
Code securely with integrated SAST
Find and fix security vulnerabilities in real time with Security Assistant in the Eclipse or Visual Studio IDE with the developer’s security “spell checker.”

Gamified training supports developers' ability to create secure code.
DATA SHEET

Fortify Static Code Analyzer (SCA) Static Application Security Testing

INFOGRAPHIC

Fortify Security Assistant
Security Assistant for Visual Studio demo

Cover languages that developers use
Cover languages that developers use
Accurate support for 27 major languages and their frameworks, with agile updates backed by the industry-leading Software Security Research (SSR) team.

Enable compliance with broad vulnerability coverage, including 810 vulnerability categories for SAST that enable compliance with standards such as OWASP Top 10, CWE/SANS Top 25, DISA STIG, and PCI DSS.
WEB PAGE

Supported Languages

WEB PAGE

Fortify Taxonomy: Software Security Errors
Security Assistant overview -- security in the Eclipse IDE

Launch fast, automated scans
Launch fast, automated scans
Seamlessly launch scans locally from the Fortify platform or via your IDE and CI/CD pipeline.

Build secure software faster and gain valuable insight with a centralized management repository for scan results.

Software Security Center (SSC) enables organizations to automate all aspects of an application security program.
VALUE BRIEF

Static Code Analyzer

BUYER’S GUIDE

The 2019 TechBeacon Buyer’s Guide for Application Security
Demo of installing and using the Fortify Extension for Visual Studio 2019

Fix at the speed of DevOps
Fix at the speed of DevOps
Create filters and issue templates for developer-specific views.

Audit Assistant reduces manual audit time by removing up to 90% of false positives with machine learning-assisted auditing.

Audit Workbench enables rich analysis and automated triage.

Fix issues at the most efficient point with SmartView filters that show how issues are related from a data flow perspective.
WHITE PAPER

Fortify Audit Assistant

VIDEO

Smart View Demo
Fortify SSC to JIRA bug tracking integration

Automate security within CI/CD
Automate security within CI/CD
Automate security in the CI/CD pipeline with Swagger-supported RESTful APIs, GitHub repo, plugins for Bamboo, VSTS and Jenkins, and integration with open source component analysis tools.

Fortify SCA fits into existing development environments through scripts, plugins, and GUI tools so developers can get up and running quickly and easily.
WEB PAGE

Integration Ecosystem

WEB PAGE

Fortify Marketplace
Scanning your code with Fortify SCA in Visual Studio

Scale your AppSec program
Scale your AppSec program
ScanCentral enables scaling with a static analysis farm that can be dynamically scaled to meet the changing demands of the CI/CD pipeline.

Scan with flexible deployment. Fortify SAST is available on-premises, as a service, or in hybrid mode to fit your business needs. You can start quickly and expand your AppSec program centrally.
BROCHURE

Build Application Security into the Entire SDLC

VIDEO

Fortify demo with Visual Studio and Azure DevOps
ScanCentral Overview

OpenText Cloud

Fortify Static Code Analyzer

Automated static code analysis helps developers eliminate vulnerabilities and build secure software.

Code securely with integrated SAST

Cover languages that developers use

Launch fast, automated scans

Fix at the speed of DevOps

Automate security within CI/CD

Scale your AppSec program

Dive deeper. Discover more.

Code securely with integrated SAST

Code securely with integrated SAST

Cover languages that developers use

Cover languages that developers use

Launch fast, automated scans

Launch fast, automated scans

Fix at the speed of DevOps

Fix at the speed of DevOps

Automate security within CI/CD

Automate security within CI/CD

Scale your AppSec program

Scale your AppSec program

Case Studies

Related Products

Fortify Application Security

Fortify on Demand (FoD)

Fortify Software Security Center (SSC)

Fortify named #1 for the Enterprise in Gartner Critical Capabilities report

Get suggestions on how to build your Application Security Program

Gartner Magic Quadrant for Application Security Testing

Fortify named #1 for the Enterprise in Gartner Critical Capabilities report

Get suggestions on how to build your Application Security Program

Gartner Magic Quadrant for Application Security Testing

Additional Resources