Try our new research platform with insights from 80,000+ expert users
OpenText Static Application Security Testing Logo

OpenText Static Application Security Testing Reviews

Vendor: OpenText
4.1 out of 5
Leave a review

What is OpenText Static Application Security Testing?

OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.

Get the OpenText Static Application Security Testing Buyer's Guide and find out what your peers are saying about OpenText Static Application Security Testing, Veracode, Mend.io and more!
OpenText Static Application Security Testing is the #2 ranked solution in top Static Code Analysis solutions. PeerSpot users give OpenText Static Application Security Testing an average rating of 8.2 out of 10. OpenText Static Application Security Testing is most commonly compared to Veracode: OpenText Static Application Security Testing vs Veracode. OpenText Static Application Security Testing is popular among the large enterprise segment, accounting for 72% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 29% of all views.
Buyer's Guide
OpenText Static Application Security Testing
August 2025
Get the report
Helped 866,218 peers since 2012

Featured OpenText Static Application Security Testing reviews

Read more reviews

OpenText Static Application Security Testing mindshare

As of August 2025, the mindshare of OpenText Static Application Security Testing in the Static Code Analysis category stands at 10.9%, up from 10.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Static Code Analysis Market Share Distribution
ProductMarket Share (%)
OpenText Static Application Security Testing10.9%
Veracode24.2%
Checkmarx One15.9%
Other49.0%
Static Code Analysis

PeerResearch reports based on OpenText Static Application Security Testing reviews

TypeTitleDate
CategoryStatic Code AnalysisAug 29, 2025Download
ProductReviews, tips, and advice from real usersAug 29, 2025Download
ComparisonOpenText Static Application Security Testing vs VeracodeAug 29, 2025Download
ComparisonOpenText Static Application Security Testing vs Checkmarx OneAug 29, 2025Download
ComparisonOpenText Static Application Security Testing vs Mend.ioAug 29, 2025Download
Suggested products
TitleRatingMindshareRecommending
Veracode4.024.2%90%203 interviewsAdd to research
Mend.io4.28.2%96%31 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

OpenText Static Application Security Testing excels in flexibility, enabling seamless deployment in various DevOps contexts. Its robust code analysis identifies vulnerabilities, offering remediation guidance and minimizing false positives. The extensive language support spans both legacy and modern languages, ensuring secure coding practices. Its integration with IDEs and CI/CD pipelines enhances the software development lifecycle, allowing automation of security testing processes. Users value its user-friendly interface and comprehensive vulnerability tracking and reporting capabilities.
  • "My initial setup of Fortify Static Code Analyzer was good."
  • "We are satisfied with this solution."
  • "I recommend this product due to its good pricing, extensive language support, valuable features, and additional features like Fortify Academy."

Room for Improvement

OpenText Static Application Security Testing needs to enhance its language support and reduce false positives. It requires improved integration with IDEs and a simpler configuration process. The high memory usage and long scanning times for certain languages need optimization. Updates should occur more frequently, and the interface needs modernization. Its cost is a concern for smaller organizations, while integration with tools like Jira and Active Directory could be streamlined. Additionally, database compatibility and AI capabilities could be expanded.
  • "I have not seen a return on investment with Fortify Static Code Analyzer."
  • "I'm not sure if Fortify Static Code Analyzer has AI capabilities. Currently, this solution doesn't quite have what we need."
  • "The deployment of Fortify Static Code Analyzer needs to be simplified."

ROI

Organizations reported early identification of vulnerabilities saves costs in development. Members experienced a significant return ranging from ten to twenty times their initial investment. Continuous updates from OpenText introduced new features, enhancing its value. Assessors noted prevention of potential security breaches contributed to overall financial benefits, although some found it difficult to quantify. Others have seen no return but commended great communication and learning experiences with early vulnerability discovery saving costs in development.

Pricing

Enterprise users of OpenText Static Application Security Testing noted that its flexible licensing aligns with code-contributing developers and provides extensive access to the Fortify suite. However, the pricing is considered high, with some citing costs around $50K, making it suitable mainly for large organizations. Setup and customization may incur additional charges. While generally deemed expensive, some users appreciate the solution's robustness and find it competitive compared to other major market offerings.
  • "I rate the pricing of Fortify Static Code Analyzer as a seven out of ten since it is a bit expensive."
  • "The setup costs and pricing for Fortify may vary depending on the organization's needs and requirements."
  • "Although I am not responsible for the budget, Fortify SAST is expensive."

Popular Use Cases

Organizations primarily use OpenText Static Application Security Testing to identify vulnerabilities and security issues in software during the development cycle. It is integrated into build pipelines such as GitLab, Jenkins, and Azure DevOps to automate code scanning. The tool supports container images and various programming languages, ensuring comprehensive security checks. By conducting static analysis, it helps developers address vulnerabilities early, enhancing security throughout the software lifecycle.

Service and Support

OpenText Static Application Security Testing's customer service and support receive positive feedback. Users appreciate responsive customer service, proactive assistance, and dedicated premium support teams. Many highlight the assistance they receive as very satisfactory, although some suggest improvements in efficiency, such as live chat. While not all users engage directly with support, most find the help satisfactory and rate their interactions highly. Some experience delays with issues needing product enhancements, but technical support remains generally well-regarded.

Deployment

OpenText Static Application Security Testing's initial setup can range from simple to complex. Basic installations are straightforward, often as easy as deploying a VM. However, the enterprise version can be more challenging, requiring significant resources and time due to server and integration needs. Users noted the need for proper system configurations, database compatibility, and routine maintenance. Despite some complications, particularly in strict environments, users found setup manageable with available guides and support.

Scalability

OpenText Static Application Security Testing demonstrates considerable scalability, efficiently accommodating a wide range of users and project sizes. It integrates seamlessly with existing infrastructures and fits diverse organizational needs. Users mention exceptional performance when managing large codebases and multiple locations. Even though some users see room for improvement in expansion speed, the resource management features and integration capabilities help optimize development processes. Users often assign high importance to its scalability features.

Stability

OpenText Static Application Security Testing exhibits strong stability according to feedback. Users report minimal flaws post version 19.10, praising reliability without crashes or glitches. Performance can depend on hardware and network configurations. Those well-trained in Fortify SAST obtain better outcomes. The ease of use in deployment alongside satisfaction with security center results is noted. Ratings largely range between seven and ten out of ten, indicating consistent reliability.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our OpenText Static Application Security Testing Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business4
Midsize Enterprise2
Large Enterprise10
By reviewers
By visitors reading reviews
Company SizeCount
Small Business258
Midsize Enterprise134
Large Enterprise1005
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
29%
Computer Software Company
13%
Manufacturing Company
10%
Government
6%
Real Estate/Law Firm
4%
University
4%
Insurance Company
3%
Healthcare Company
3%
Retailer
3%
Comms Service Provider
2%
Energy/Utilities Company
2%
Educational Organization
2%
Consumer Goods Company
2%
Media Company
2%
Construction Company
2%
Aerospace/Defense Firm
2%
Transportation Company
2%
Performing Arts
1%
Legal Firm
1%
Outsourcing Company
1%
Non Profit
1%
Marketing Services Firm
1%
Hospitality Company
1%
Wholesaler/Distributor
1%

Compare OpenText Static Application Security Testing with alternative products

Go!

Learn more about OpenText Static Application Security Testing

OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of security issues. Users benefit from its easy setup, clear documentation, and centralized portal for managing security findings. Despite facing challenges like high costs and complex configurations for certain languages, its role in facilitating compliance and streamlining secure coding processes is indispensable. Improvements are needed in areas such as outdated design, language support, and integration capabilities to meet evolving user expectations.

What features does OpenText Static Application Security Testing offer?
  • Seamless IDE Integration: Integrates effortlessly with development environments for real-time feedback.
  • Comprehensive Language Support: Covers a wide range of programming languages, enhancing detection accuracy.
  • Centralized Security Portal: Provides a streamlined interface for managing vulnerabilities.
What benefits and ROI should users consider?
  • Enhanced Security: Identifies vulnerabilities early, preventing potential breaches.
  • Time Efficiency: Automates processes and speeds up remediation efforts.
  • Compliance Facilitation: Assists in adhering to security standards and regulations.

Organizations across diverse sectors implement OpenText Static Application Security Testing primarily to secure applications during development phases. Its integration with tools like GitLab, Jenkins, and Azure DevOps ensures a robust security pipeline. By combining with Sonatype Nexus, secure code, and library management is achieved effectively.

OpenText Static Application Security Testing was previously known as Fortify Static Code Analysis SAST.

Related questions

  • 48
What is the difference between SAST and SCA tools?
  • 6
When evaluating Static Code Analysis Software, what aspect do you think is the most important to look for?
  • 62
Differences between Black Duck & Veracode
  • 16
What is your recommended static code analysis tool for JavaScript and C/C++?
  • 5
Is there an automated way to validate and enforce requirements for application security when creating components, and cloud environments?
  • 8
Why is Static Code Analysis important for companies?

Product Categories

Product Categories
Static Code Analysis

Popular Comparisons

Popular Comparisons
Veracode vs OpenText Static Application Security Testing Logo
Veracode vs OpenText Static Application Security Testing
Mend.io vs OpenText Static Application Security Testing Logo
Mend.io vs OpenText Static Application Security Testing
Klocwork vs OpenText Static Application Security Testing Logo
Klocwork vs OpenText Static Application Security Testing
Semgrep vs OpenText Static Application Security Testing Logo
Semgrep vs OpenText Static Application Security Testing
CodeSonar vs OpenText Static Application Security Testing Logo
CodeSonar vs OpenText Static Application Security Testing
ReShaper vs OpenText Static Application Security Testing Logo
ReShaper vs OpenText Static Application Security Testing
DeepSource vs OpenText Static Application Security Testing Logo
DeepSource vs OpenText Static Application Security Testing
Helix QAC vs OpenText Static Application Security Testing Logo
Helix QAC vs OpenText Static Application Security Testing
PyCharm vs OpenText Static Application Security Testing Logo
PyCharm vs OpenText Static Application Security Testing
Codacy vs OpenText Static Application Security Testing Logo
Codacy vs OpenText Static Application Security Testing
Kiuwan Insights vs OpenText Static Application Security Testing Logo
Kiuwan Insights vs OpenText Static Application Security Testing
See all alternatives
 
OpenText Static Application Security Testing Reviews Summary
Author infoRatingReview Summary
Lead Information Security Analyst at a financial services firm with 10,001+ employees4.5I use Fortify Static Code Analyzer to identify critical vulnerabilities with effective automation and remediation guidance. While it offers fewer false positives than others, it needs frequent rule pack updates to address new vulnerabilities. Fortify is my preferred choice over Veracode.
Manager at DTEK4.0We've been working with Fortify Static Code Analyzer, and while we're satisfied with its dynamic and static scanning capabilities, it lacks AI integration for enhanced vulnerability analysis. Integration with Active Directory and AI tools would be beneficial.
CTO at Marco Technology4.0I use Fortify Static Code Analyzer to ensure secure coding during software development, appreciating its extensive language support. However, deployment needs simplification. I've relied on OpenText products since inception due to their unique functionalities compared to others.
Vice President, Cybersecurity at a financial services firm with 10,001+ employees5.0We manage our software development security using Fortify Static Code Analyzer, which excels in unified vulnerability triaging and offers impressive language support. However, improvements in update frequency and design are needed. Our investment has yielded substantial returns, especially compared to previous tools.
Sr cyber analyst at a energy/utilities company with 10,001+ employees4.0We use Fortify Static Code Analyzer for thorough code scanning. Its integration with various IDEs and Azure DevOps is straightforward, though configuration is tricky and resource-heavy for JavaScript and TypeScript. It's costly, but early vulnerability detection aids development.
Software analyst at a financial services firm4.5We use Fortify Static Code Analyzer with Azure DevOps to streamline the code process, automatically performing scans at builds. It effectively helps us understand security issues, although its cost could be lower.
Adjunct at University of Maryland5.0I use Fortify Static Code Analyzer as a SaaS tool for reviewing static code and identifying vulnerabilities. Its management view and Software Security Center are valuable, but it could be improved with a more cost-effective version for single developers.
Vice President Application Security North America at BNP Paribas4.0I use Fortify SAST for static code analysis to identify vulnerabilities in various programming languages. Though it integrates well with development tools, the false positives need reduction to ensure reported vulnerabilities are true security concerns.