Fortify Software Security Center vs OpenText Core Application Security comparison

Fortify Software Security Center vs. OpenText Core Application Security

Download the complete report

Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortify Software Security C...

Ranking in Static Application Security Testing (SAST)

19th

Average Rating

8.0

Reviews Sentiment

4.6

Number of Reviews

Ranking in other categories

No ranking in other categories

OpenText Core Application S...

Ranking in Static Application Security Testing (SAST)

12th

Average Rating

8.0

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Application Security Tools (13th)

Mindshare comparison

As of March 2026, in the Static Application Security Testing (SAST) category, the mindshare of Fortify Software Security Center is 1.3%, up from 0.4% compared to the previous year. The mindshare of OpenText Core Application Security is 3.0%, down from 4.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST) Mindshare Distribution
Product	Mindshare (%)
OpenText Core Application Security	3.0%
Fortify Software Security Center	1.3%
Other	95.7%

Static Application Security Testing (SAST)

Featured Reviews

Diego Caicedo Lescano

Chief Innovation Officer at SAGGA

Enables centralized analysis and improves governance through seamless tool integration

The main use case for Fortify Software Security Center is exceptional because we have governance and control through that console. You can centralize both static analysis and dynamic analysis, and correlate both analyses in one tool to get better results by combining those independent results from each solution. That is outstanding, and there is no tool I have seen on the market that offers these capabilities. I appreciate the interoperability with other solutions from Fortify Software Security Center. Because we are using Kiuwan, you can run Kiuwan analyses and integrate them with Fortify Software Security Center to get those results in a single console. That is a good console for centralizing things in one point. That is one of the best features of the on-premises Fortify.

Read full review

Himanshu_Tyagi

Lead Cybersecurity at TBO

Supports secure development pipelines and improves issue detection but limits internal visibility and needs broader dashboard integration

If you have an internal team and you want your internal team to validate false positives, basically to determine whether it's a valid issue or an invalid issue, then I wouldn't recommend it much. That was the only reason we migrated from Fortify on Demand to another solution. Fortify has another tool which is Fortify WebInspect. On Demand is the outsourcing solution, and WebInspect you can use with your in-house team, which is basically the product developed by the Fortify team. For automated scanning, Fortify helps a lot. Regarding the visibility for the internal team, everyone is moving toward the DevSecOps side, and Fortify team has made good progress that you can integrate into your CICD pipeline. One thing I would highlight is if Fortify can focus more on the centralized dashboard of the tools because nowadays, tools such as SentinelOne also exist for identifying security issues, but they have a centralized dashboard that merges their cloud solution and application security side solution together. If you have one tool that works for different solutions, it helps a lot. They are doing good, but they should invest more on the AI side as well because AI security is evolving these days. On the cloud side, they have already made good progress, but I believe they should explore the new area related to AI security as well.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The main use case for Fortify Software Security Center is exceptional because we have governance and control through that console."

"Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities."

"The overall rating for this tool is ten out of ten."

"You can easily download the tool's rule packs and update them."

"The reporting is very useful because you can always view an entire list of the issues that you have."

"This is a stable solution at the end of the day."

"It's very important because they want to scan their source code every day, so we provide CICD integration to our customers so they can auto build and auto test every day, get reports, and fix issues."

"I like the explanation of issues provided by Fortify Software Security Center."

More Fortify Software Security Center pros

"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."

"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."

"Speed and efficiency are great features."

"The best features with Fortify on Demand include having analysis for any product based on analysis points."

"Fortify helps us to stay updated with the newest languages and versions coming out."

"The solution is very fast."

"It is valuable in improving our overall security posture by catching significant errors."

"t's a cloud-based solution, so there was no installation involved."

More OpenText Core Application Security pros

Cons

"Fortify Software Security Center's setup is really painful."

"We are having issues with false positives that need to be resolved."

"Improvements needed for Software Security Center include better aggregation views of datasets."

"I am not satisfied with the percentage of false positives, which is around eighteen percent."

"The product's overlap feature is restrictive and requires more customization efforts, which can be expensive."

"This solution is difficult to implement, and it should be made more comfortable for the end-users."

"The support for Fortify on-premises is the same as for the other products. I would say the support is not good and I would rate it a three out of ten."

"Improvements needed for Software Security Center include better aggregation views of datasets."

"I know OpenText is developing Aviator, similar to ChatGPT, with LLM inside the OpenText Core Application Security environment. However, I understand they do not have it for the on-premises environment."

"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."

"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."

"There are frequent complaints about false positives from Fortify. One day it may pass a scan with no issues, and the next day, without any code changes, it will report vulnerabilities such as password exposure."

"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."

"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."

"I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."

"It could use better integration with the incident management processor."

More OpenText Core Application Security cons

Pricing and Cost Advice

"The solution is priced fair."

"As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available."

"This is a costly solution that could be cheaper."

"The licensing was good because the licenses have the heavy centralized server."

"If I exceed one million lines of code, there might be an extra cost or a change in the pricing bracket."

"We make an annual purchase of the licenses we need."

"The subscription model, on a per-scan basis, is a bit expensive. That's another reason we are not using it for all the apps."

"The pricing model it's based on how many applications you wish to scan."

"Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand)."

"There are different costs for Micro Focus Fortify on Demand depending on the assessments you want to use. There is only a standard license needed to use the solution."

"The solution is expensive and the price could be reduced."

More OpenText Core Application Security pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

884,873 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

15%

Financial Services Firm

11%

Government

Computer Software Company

Financial Services Firm

15%

Manufacturing Company

14%

Government

Computer Software Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	4
Midsize Enterprise	1
Large Enterprise	3

By reviewers
Company Size	Count
Small Business	18
Midsize Enterprise	8
Large Enterprise	45

Questions from the Community

What is your experience regarding pricing and costs for Micro Focus Software Security Center?

The pricing for the on-premises Fortify is expensive.

What needs improvement with Micro Focus Software Security Center?

In my opinion, there are no areas that could be improved with Fortify Software Security Center. I would say it is a good product and a mature product. However, the SAST has many improvement areas. ...

What is your primary use case for Micro Focus Software Security Center?

We have installed Fortify Static Code Analysis, SAST, in Ecuador in two customers. The Fortify ScanCentral includes three components: SAST, Fortify Software Security Center, and the WebInspect.

What do you like most about Micro Focus Fortify on Demand?

It helps deploy and track changes easily as per time-to-time market upgrades.

What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?

In comparison with other tools, they're competitive. It is not more expensive than other solutions, but their pricing is competitive. The licenses for Fortify On Demand are generally bought in unit...

What needs improvement with Micro Focus Fortify on Demand?

Checkmarx One vs Fortify Software Security Center

Comparisons

Compared 25% of the time

Checkmarx IaC Security / KICS vs Fortify Software Security Center

Compared 13% of the time

SonarQube vs Fortify Software Security Center

Compared 8% of the time

Coverity Static vs Fortify Software Security Center

Compared 7% of the time

Semgrep vs Fortify Software Security Center

Compared 6% of the time

More Fortify Software Security Center Competitors

SonarQube vs OpenText Core Application Security

Compared 20% of the time

Checkmarx One vs OpenText Core Application Security

Compared 10% of the time

Veracode vs OpenText Core Application Security

Compared 5% of the time

Coverity Static vs OpenText Core Application Security

Compared 5% of the time

Mend.io vs OpenText Core Application Security

Compared 2% of the time

More OpenText Core Application Security Competitors

Product Reports

Static Application Security Testing (SAST)

Download Fortify Software Security Center product report

OpenText Core Application Security

Download OpenText Core Application Security product report

OpenText Core Application Security report

Also Known As

Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect

Micro Focus Fortify on Demand

Overview

Software Security Center enables management, development, and security teams to work together to triage, track, validate, automate, and manage software security activities.

OpenText

OpenText Core Application Security offers robust features like static and dynamic scanning, real-time vulnerability tracking, and seamless integration with development platforms, designed to enhance code security and reduce operational costs.

OpenText Core Application Security is a cloud-based, on-demand service providing accurate and deep scanning capabilities with detailed reporting. Its integrations with development platforms ensure an enhanced security layer in the development lifecycle, benefiting users by lowering operational costs and facilitating efficient remediation. The platform addresses needs for intuitive interfaces, API support, and comprehensive vulnerability assessments, helping improve code security and accelerate time-to-market. Despite its strengths, challenges exist around false positives, report clarity, and language support, alongside confusing pricing and package options. Enhancements are sought in areas like CI/CD pipeline configuration, report visualization, scan times, and integration with third-party tools such as GitLab, container scanning, and software composition analysis.

What features define OpenText Core Application Security?

Static and Dynamic Scanning: Offers thorough analysis to identify vulnerabilities during development.
Real-time Vulnerability Tracking: Continuously updates and monitors potential security threats.
Seamless Development Platform Integration: Enhances security processes without disrupting workflows.
Cloud-Based Service: Provides flexible, on-demand security capabilities with accurate results.
API Support: Allows smooth integration and automation within existing systems.

What benefits should users look for in reviews?

Reduced Operational Costs: Optimizes resources by lowering costs associated with security management.
Efficient Remediation: Speeds up the process of identifying and resolving vulnerabilities.
Enhanced Code Security: Strengthens overall application security during the development lifecycle.
Accelerated Time-to-Market: Streamlines development stages by integrating essential security tools.

Industries like mobile applications, e-commerce, and banking leverage OpenText Core Application Security for its ability to identify vulnerabilities such as SQL injections. Integrating seamlessly with DevSecOps and security auditing processes, this tool supports developers in writing safer code, ensuring secure application deployment and enhancing software assurance.

OpenText

Sample Customers

Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

Fortify Software Security Center vs. OpenText Core Application Security