Application Security

OpenText Static Application Security Testing (Fortify)

Find and fix security issues early with industry-leading accuracy

OpenText Static Application Security Testing platform dashboard image

OpenText recognized as a Customers' Choice by Gartner®Get the report

Overview

Identify application security issues at the source, prioritize critical risks, and get detailed guidance to fix them

OpenText™ Static Application Security Testing (Fortify) (SAST) identifies and remediates security vulnerabilities in source code with precision. Extensive language coverage and seamless CI/CD integration streamline security across the SDLC. Advanced static code analysis and AI-driven insights prioritize risks and enable developers to resolve vulnerabilities efficiently, reducing overall security risk.

Learn more

Why OpenText Static Application Security Testing?

Catch code vulnerabilities early, reducing development time and cost while integrating seamlessly into the SDLC. Identify twice as many vulnerabilities and reduce false positives, enabling faster, more efficient remediation.

Automate
security in the CI/CD pipeline
Integrate with CI/CD tools, including Jenkins, Jira, Atlassian Bamboo, Azure DevOps, Eclipse, and Microsoft Visual Studio.
95%
fewer false positives
Customize code analysis and apply rules to identify legitimate violations quickly, with multiple options to view results.
25%
faster development time
Identity and eliminate vulnerabilities early in development, with accurate results based on the OWASP 1.2b benchmark, improving speed and quality.

Integrating [OpenText SAST] has reduced the efforts required for code review, and the quality it provides is better than other market tools.

Susanta Roy
AppSec Manager, Accenture

Automating our security testing with [OpenText], we've covered almost 100% of our CI/CD pipelines, which amount to several tens of thousands, with SAST scans.

Filipe de Figueiredo Mendes
Security Specialist, Banco Bradesco

By integrating [OpenText SAST] into our CI/CD pipelines, we automate security testing and identify vulnerabilities early, reducing remediation costs and accelerating secure software delivery.

DevOps Engineer
Medium Enterprise Professional Services Company

…our testing efforts have been easier to quantify and manage both for first-time scans and periodic scans of software modules (at the review level when after developer teams turn the FPRs in).

ISSM/Program Security Engineer
Medium Enterprise Aerospace & Defense Company

[OpenText] helped us in finding vulnerabilities in our developer's code. The recommendation for each finding helped our developer to fix their code quickly. This will help secure the products we publish.

Manager
Medium Enterprise Internet Software & Services Company

Use cases

OpenText SAST delivers comprehensive security across many development languages while integrating with your dev tool of choice. Balance speed and accuracy with custom scan depth, reduce false positives with AI assistance, and scale dynamically.

Gain support for 1,657 vulnerability categories across 33+ languages, spanning more than one million individual APIs.
Gain control of the speed and accuracy of SAST by tuning the depth of the scan and minimizing false positives with Audit Assistant.
Achieve comprehensive shift-left security for cloud-native applications—from IaC to serverless—in a single solution.

Embed security into the application development tools you use with OpenText SAST’s integration ecosystem.
Dynamically scale SAST scans up or down to meet the changing demands of the CI/CD pipeline.
Choose the deployment option that’s right for you: on premises, in the cloud, or AppSec-as-a-service.

Key features

OpenText SAST integrates seamlessly with your workflow, offering flexible deployment options, multi-language support, real-time analysis, and AI-driven automation to enhance application security without sacrificing speed

Developer-friendly language coverage

Supports ABAP/BSP, ActionScript, Apex, ASP.NET, C# (.NET), C/C++, Classic, ASP (with VBScript), COBOL, ColdFusion CFML, Go, HTML, Java (including Android), JavaScript /AJAX, JSP, Kotlin, and more.

Flexible deployment options

Includes options such as the SaaS-based OpenText™ Core Application Security Testing platform, private hosted, which combines SaaS and on-premises features, and off-cloud, which offers full control over the application security testing solution.

Real-time code security analysis and results

Provides structural and configuration analyzers that are purpose built for speed and efficiency. Security Assistant only returns high-confidence findings with immediate results in the IDE.

Automation with applied machine learning

Provides automated audit results in minutes, minimizing auditor workload and prioritizing issues with accurate and consistent audit results.

ScanCentral

Enables lightweight packaging on the build server and provides a scalable, centralized scanning infrastructure.

Integrations

OpenText SAST provides accurate support for 33+ major languages and their frameworks, with agile updates backed by the industry-leading Software Security Research (SSR) team

SAP ABAP

Action Script

Angular

Apex

Microsoft ASP

Bicep

CSharp

C++

COBOL

Cold Fusion

Docker

Go Lang

HTML5

Java

Java Script

JSON

JSP

Kotlin

MXML

.Net

.NETCore

PL/SQL

Python

Ruby

Scala

Swift Trans

T-SQL

Terraform

Type Script

Microsoft Visual Basics

Visual Basic

Windows Mobile

XML

YAML

Accelerate the value of OpenText Static Application Security Testing

Deployment

OpenText offers deployment choice and flexibility for OpenText Static Application Security Testing.

Run anywhere and scale globally in the public cloud of your choice

OpenText Public Cloud (Multi-Tenant SaaS)
Extend your team

Off Cloud, on-premises software, managed by your organization or OpenText

Accelerate cloud strategies with OpenText cloud experts

OpenText Private Cloud (Single Tenant) on OpenText Cloud, AWS, GCP, or Azure
Develop, connect and extend your Information Management capabilities

API from OpenText Developer Cloud

Professional Services

OpenText Professional Services combines end-to-end solution implementation with comprehensive technology services to help improve systems.

Get a trusted partner to guide your information management path

Your journey to success
Accelerate your information management journey

Consulting Services

Propel your business into the future with modern solutions

NextGen Services
Unlock the full potential of your information management solution

Customer Success Services

Partners

OpenText helps customers find the right solution, the right support, and the right outcome.

Search OpenText's Partner directory

Find a Partner
Explore OpenText's Partner solutions catalog

Application Marketplace

Industry-leading organizations that enhance OpenText products and solutions

Strategic Partners

Communities

Explore our OpenText communities. Connect with individuals and companies to get insight and support. Get involved in the discussion.

Explore ideas, join discussions, and network

OpenText community

OpenText Static Application Security Testing resources

Customers’ Choice

OpenText recognized for Application Security Testing on Gartner® Peer Insights™︎.

Read the blog

Person wearing glasses looking at a computer screen

Auto-remediation: the future of AppSec?

Understand the limits of auto-remediation in securing applications.

Read the blog

Generative AI: A double-edged sword for application security

IDC predicts that by 2026, 40% of net-new applications will incorporate AI.

Read the blog

Smarter, faster AppSec

Turn SAST findings into learning, helping developers quickly remediate vulnerabilities.

Read the blog

Why SAST + SCA is the key to protecting your organization in 2025

Software supply chain risk continues to rise—156% year-over-year increase in malicious attacks.

Read the blog

OpenText named a Leader in Critical Capabilities by Gartner

OpenText is a Leader in SAST and DAST, and one of the only vendors that moved up in the quadrant.

Read the blog

Why SAST false positives are inevitable

Explore why false positives in SAST tools occur, the trade-offs involved, and how to manage them.

Read the blog

What is static application security testing (SAST)

Learn more

Cybersecurity in a Web 3.0 world

Read the flyer

5 reasons why SAST + DAST with OpenText makes sense

Get the reasons

OpenText SAST tools

View the community page

What is static application security testing (SAST)

Learn more

Cybersecurity in a Web 3.0 world

Read the flyer

5 reasons why SAST + DAST with OpenText makes sense

Get the reasons

OpenText SAST tools

View the community page

OpenText™ Core Application Security

Unlock security testing, vulnerability management, and tailored expertise and support
OpenText™ Dynamic Application Security Testing

Scan, test, and identify security vulnerabilities in apps and services
OpenText™ Application Security Aviator

Secure smarter, not harder with AI code analysis and code fix suggestions
OpenText™ Core Software Composition Analysis

Take full control of open source security, compliance, and health

Take the next step

Interested in learning more? An OpenText expert is ready to help.

Contact us

FeaturedFeatured

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery with AIeDiscovery with AI

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application SecurityApplication Security

Data Privacy and ProtectionData Privacy and Protection

Threat Detection and ResponseThreat Detection and Response

Identity and Access ManagementIdentity and Access Management

Digital Investigations and ForensicsDigital Investigations and Forensics

Threat IntelligenceThreat Intelligence

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

Observability and Service Management CloudObservability and Service Management Cloud

Service ManagementService Management

ObservabilityObservability

AIOpsAIOps

Automation and Vulnerability RemediationAutomation and Vulnerability Remediation

CMDB and Asset ManagementCMDB and Asset Management

OpenText™ Service Management Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

PortfolioPortfolio

Enterprise Data Backup and Disaster Recovery SolutionsEnterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management ToolsUnified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving ComplianceEmail Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Consulting ServicesConsulting Services

NextGen ServicesNextGen Services

Cloud MigrationCloud Migration

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Asset LibraryAsset Library

Featured

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery with AI

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture and Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security

Data Privacy and Protection

Threat Detection and Response

Identity and Access Management

Digital Investigations and Forensics

Threat Intelligence

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

Observability and Service Management Cloud

Service Management

Observability

AIOps

Automation and Vulnerability Remediation

CMDB and Asset Management

OpenText™ Thrust

OpenText™ Thrust bundle

Portfolio

Enterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Consulting Services

NextGen Services

Cloud Migration

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Asset Library

Blogs

Events

Communities

Customer Stories

OpenText Navigator

Marketplace