OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.
| Product | Market Share (%) |
|---|---|
| OpenText Static Application Security Testing | 10.9% |
| Veracode | 24.2% |
| Checkmarx One | 15.9% |
| Other | 49.0% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Static Code Analysis | Aug 29, 2025 | Download |
| Product | Reviews, tips, and advice from real users | Aug 29, 2025 | Download |
| Comparison | OpenText Static Application Security Testing vs Veracode | Aug 29, 2025 | Download |
| Comparison | OpenText Static Application Security Testing vs Checkmarx One | Aug 29, 2025 | Download |
| Comparison | OpenText Static Application Security Testing vs Mend.io | Aug 29, 2025 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Veracode | 4.0 | 24.2% | 90% | 203 interviewsAdd to research |
| Mend.io | 4.2 | 8.2% | 96% | 31 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 2 |
| Large Enterprise | 10 |
| Company Size | Count |
|---|---|
| Small Business | 259 |
| Midsize Enterprise | 136 |
| Large Enterprise | 1007 |
OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of security issues. Users benefit from its easy setup, clear documentation, and centralized portal for managing security findings. Despite facing challenges like high costs and complex configurations for certain languages, its role in facilitating compliance and streamlining secure coding processes is indispensable. Improvements are needed in areas such as outdated design, language support, and integration capabilities to meet evolving user expectations.
What features does OpenText Static Application Security Testing offer?Organizations across diverse sectors implement OpenText Static Application Security Testing primarily to secure applications during development phases. Its integration with tools like GitLab, Jenkins, and Azure DevOps ensures a robust security pipeline. By combining with Sonatype Nexus, secure code, and library management is achieved effectively.
OpenText Static Application Security Testing was previously known as Fortify Static Code Analysis SAST.
| Author info | Rating | Review Summary |
|---|---|---|
| Lead Information Security Analyst at a financial services firm with 10,001+ employees | 4.5 | I use Fortify Static Code Analyzer to identify critical vulnerabilities with effective automation and remediation guidance. While it offers fewer false positives than others, it needs frequent rule pack updates to address new vulnerabilities. Fortify is my preferred choice over Veracode. |
| Manager at DTEK | 4.0 | We've been working with Fortify Static Code Analyzer, and while we're satisfied with its dynamic and static scanning capabilities, it lacks AI integration for enhanced vulnerability analysis. Integration with Active Directory and AI tools would be beneficial. |
| CTO at Marco Technology | 4.0 | I use Fortify Static Code Analyzer to ensure secure coding during software development, appreciating its extensive language support. However, deployment needs simplification. I've relied on OpenText products since inception due to their unique functionalities compared to others. |
| Vice President, Cybersecurity at a financial services firm with 10,001+ employees | 5.0 | We manage our software development security using Fortify Static Code Analyzer, which excels in unified vulnerability triaging and offers impressive language support. However, improvements in update frequency and design are needed. Our investment has yielded substantial returns, especially compared to previous tools. |
| Sr cyber analyst at a energy/utilities company with 10,001+ employees | 4.0 | We use Fortify Static Code Analyzer for thorough code scanning. Its integration with various IDEs and Azure DevOps is straightforward, though configuration is tricky and resource-heavy for JavaScript and TypeScript. It's costly, but early vulnerability detection aids development. |
| Software analyst at a financial services firm | 4.5 | We use Fortify Static Code Analyzer with Azure DevOps to streamline the code process, automatically performing scans at builds. It effectively helps us understand security issues, although its cost could be lower. |
| Adjunct at University of Maryland | 5.0 | I use Fortify Static Code Analyzer as a SaaS tool for reviewing static code and identifying vulnerabilities. Its management view and Software Security Center are valuable, but it could be improved with a more cost-effective version for single developers. |
| Vice President Application Security North America at BNP Paribas | 4.0 | I use Fortify SAST for static code analysis to identify vulnerabilities in various programming languages. Though it integrates well with development tools, the false positives need reduction to ensure reported vulnerabilities are true security concerns. |
