No more typing reviews! Try our Samantha, our new voice AI agent.
OpenText Static Application Security Testing Logo

OpenText Static Application Security Testing pros and cons

Vendor: OpenText
4.1 out of 5
Leave a review

Pros & Cons summary

OpenText Static Application Security Testing offers flexibility for automation within DevOps pipelines and ad hoc usage, excelling in code analysis. It integrates with development environments and CI/CD pipelines but struggles with new language support, licensing costs, and false positives, especially in Python. The Fortify Software Security Center fosters developer-security team collaboration, though deployment complexity and a steep learning curve challenge users in prioritizing vulnerabilities.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

OpenText Static Application Security Testing is praised for its flexibility, allowing full DevOps pipeline automation and ad hoc testing options.
The tool excels at providing extensive language support and detailed documentation, making it user-friendly for developers and security professionals alike.
It effectively identifies security vulnerabilities by analyzing code and offers best practices for fixing issues, enhancing development quality.
Integration with various development environments and tools, such as IDEs and CI/CD pipelines, is seamless, aiding in efficient software development.
Fortify Software Security Center combines scan results for comprehensive security analysis and decision-making, adding to its value.

CONS

OpenText Static Application Security Testing struggles to keep current with the latest static code languages and variants.
Static code analysis is inherently noisy, and users face a significant number of false positives.
The pricing of OpenText Static Application Security Testing is considered high, with a hefty licensing fee.
Excluding files from scans can be tricky, with some IDE integration features not working as expected.
OpenText Static Application Security Testing needs improvement in streamlining upgrade processes and enhancing compatibility across platforms.
 

OpenText Static Application Security Testing Pros review quotes

DK
Dristi Kurre
Lead Information Security Analyst at a financial services firm with 10,001+ employees
May 29, 2025
My initial setup of Fortify Static Code Analyzer was good.
Read full review
EG
EvgenGulak
Manager at DTEK
May 9, 2025
We are satisfied with this solution.
Read full review
Aphiwat Leetavorn. - PeerSpot reviewer
Aphiwat Leetavorn.
CTO at Marco Technology
Mar 21, 2025
I recommend this product due to its good pricing, extensive language support, valuable features, and additional features like Fortify Academy.
Read full review
Buyer's Guide
OpenText Static Application Security Testing
April 2026
Free Report: OpenText Static Application Security Testing Reviews and More
Learn what your peers think about OpenText Static Application Security Testing. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
893,221 professionals have used our research since 2012.
reviewer2317233 - PeerSpot reviewer
reviewer2317233
Vice President, Cybersecurity at a financial services firm with 10,001+ employees
Nov 30, 2023
The Software Security Center, which is often overlooked, stands out as the most effective feature.
Read full review
AA
Amal Alshehri
Sr cyber analyst at a energy/utilities company with 10,001+ employees
Oct 17, 2023
I like Fortify Software Security Center or Fortify SSC. This tool is installed on each developer's machine, but Fortify Software Security Center combines everything. We can meet there as security professionals and developers. The developers scan their code and publish the results there. We can then look at them from a security perspective and see whether they fixed the issues. We can agree on whether something is a false positive and make decisions.
Read full review
VF
Vincenzo Fioravanti
Software analyst at a financial services firm
Dec 6, 2023
The reference provided for each issue is extremely helpful.
Read full review
JB
Jumani Blango
Adjunct at University of Maryland
Nov 13, 2023
You can really see what's happening after you've developed something.
Read full review
HT
Hieu Tran Minh
Developer at Protonmail
Jun 21, 2024
Fortify Static Code Analyzer's most valuable features are its ability to provide best practices for fixing code and its examples and capabilities to address security problems in the code. It effectively identifies security vulnerabilities by analyzing the code and offering insights on improving it.
Read full review
Vishal Dhamke - PeerSpot reviewer
Vishal Dhamke
Vice President Application Security North America at BNP Paribas
Dec 29, 2023
Fortify integrates with various development environments and tools, such as IDEs (Integrated Development Environments) and CI/CD pipelines.
Read full review
Vishal Dhamke - PeerSpot reviewer
Vishal Dhamke
Vice President Application Security North America at BNP Paribas
Sep 5, 2023
The integration Subset core integration, using Jenkins is one of the good features.
Read full review
Show 9 more reviews (out of 19)
 

OpenText Static Application Security Testing Cons review quotes

DK
Dristi Kurre
Lead Information Security Analyst at a financial services firm with 10,001+ employees
May 29, 2025
I have not seen a return on investment with Fortify Static Code Analyzer.
Read full review
EG
EvgenGulak
Manager at DTEK
May 9, 2025
I'm not sure if Fortify Static Code Analyzer has AI capabilities. Currently, this solution doesn't quite have what we need.
Read full review
Aphiwat Leetavorn. - PeerSpot reviewer
Aphiwat Leetavorn.
CTO at Marco Technology
Mar 21, 2025
The deployment of Fortify Static Code Analyzer needs to be simplified.
Read full review
Buyer's Guide
OpenText Static Application Security Testing
April 2026
Free Report: OpenText Static Application Security Testing Reviews and More
Learn what your peers think about OpenText Static Application Security Testing. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
893,221 professionals have used our research since 2012.
reviewer2317233 - PeerSpot reviewer
reviewer2317233
Vice President, Cybersecurity at a financial services firm with 10,001+ employees
Nov 30, 2023
Fortify's software security center needs a design refresh.
Read full review
AA
Amal Alshehri
Sr cyber analyst at a energy/utilities company with 10,001+ employees
Oct 17, 2023
It can be tricky if you want to exclude some files from scanning. For instance, if you do not want to scan and push testing files to Fortify Software Security Center, that is tricky with some IDEs, such as IntelliJ. We found that there is an Exclude feature that is not working. We reported that to them for future fixing. It needs some work on the plugins to make them consistent across IDEs and make them easier.
Read full review
VF
Vincenzo Fioravanti
Software analyst at a financial services firm
Dec 6, 2023
The price can be improved.
Read full review
JB
Jumani Blango
Adjunct at University of Maryland
Nov 13, 2023
Their licensing is expensive.
Read full review
HT
Hieu Tran Minh
Developer at Protonmail
Jun 21, 2024
False positives need improvement in the future. Fortify's vulnerability remediation guidance helps improve code security, but I think they need to improve the focus of the solution, as it still contains many bugs and needs a thorough review.
Read full review
Vishal Dhamke - PeerSpot reviewer
Vishal Dhamke
Vice President Application Security North America at BNP Paribas
Dec 29, 2023
The generation of false positives should be reduced.
Read full review
Vishal Dhamke - PeerSpot reviewer
Vishal Dhamke
Vice President Application Security North America at BNP Paribas
Sep 5, 2023
The generation of false positives should be reduced.
Read full review
Show 9 more reviews (out of 19)

Product Categories

Product Categories
Static Code Analysis

Popular Comparisons

Popular Comparisons
Checkmarx One vs OpenText Static Application Security Testing Logo
Checkmarx One vs OpenText Static Application Security Testing
Veracode vs OpenText Static Application Security Testing Logo
Veracode vs OpenText Static Application Security Testing
Mend.io vs OpenText Static Application Security Testing Logo
Mend.io vs OpenText Static Application Security Testing
Semgrep vs OpenText Static Application Security Testing Logo
Semgrep vs OpenText Static Application Security Testing
Klocwork vs OpenText Static Application Security Testing Logo
Klocwork vs OpenText Static Application Security Testing
CodeSonar vs OpenText Static Application Security Testing Logo
CodeSonar vs OpenText Static Application Security Testing
DeepSource vs OpenText Static Application Security Testing Logo
DeepSource vs OpenText Static Application Security Testing
Helix QAC vs OpenText Static Application Security Testing Logo
Helix QAC vs OpenText Static Application Security Testing
PyCharm vs OpenText Static Application Security Testing Logo
PyCharm vs OpenText Static Application Security Testing
Codacy vs OpenText Static Application Security Testing Logo
Codacy vs OpenText Static Application Security Testing
ReShaper vs OpenText Static Application Security Testing Logo
ReShaper vs OpenText Static Application Security Testing
Whole Tomato Visual Assist vs OpenText Static Application Security Testing Logo
Whole Tomato Visual Assist vs OpenText Static Application Security Testing
Kiuwan Insights vs OpenText Static Application Security Testing Logo
Kiuwan Insights vs OpenText Static Application Security Testing
See all alternatives

Product Categories

Product Categories
Static Code Analysis

Popular Comparisons

Popular Comparisons
Checkmarx One vs OpenText Static Application Security Testing Logo
Checkmarx One vs OpenText Static Application Security Testing
Veracode vs OpenText Static Application Security Testing Logo
Veracode vs OpenText Static Application Security Testing
Mend.io vs OpenText Static Application Security Testing Logo
Mend.io vs OpenText Static Application Security Testing
Semgrep vs OpenText Static Application Security Testing Logo
Semgrep vs OpenText Static Application Security Testing
Klocwork vs OpenText Static Application Security Testing Logo
Klocwork vs OpenText Static Application Security Testing
CodeSonar vs OpenText Static Application Security Testing Logo
CodeSonar vs OpenText Static Application Security Testing
DeepSource vs OpenText Static Application Security Testing Logo
DeepSource vs OpenText Static Application Security Testing
Helix QAC vs OpenText Static Application Security Testing Logo
Helix QAC vs OpenText Static Application Security Testing
PyCharm vs OpenText Static Application Security Testing Logo
PyCharm vs OpenText Static Application Security Testing
Codacy vs OpenText Static Application Security Testing Logo
Codacy vs OpenText Static Application Security Testing
ReShaper vs OpenText Static Application Security Testing Logo
ReShaper vs OpenText Static Application Security Testing
Whole Tomato Visual Assist vs OpenText Static Application Security Testing Logo
Whole Tomato Visual Assist vs OpenText Static Application Security Testing
Kiuwan Insights vs OpenText Static Application Security Testing Logo
Kiuwan Insights vs OpenText Static Application Security Testing
See all alternatives
Related questions
  • 97
What is the difference between SAST and SCA tools?
  • 22
When evaluating Static Code Analysis Software, what aspect do you think is the most important to look for?
  • 66
Differences between Black Duck & Veracode
  • 46
What is your recommended static code analysis tool for JavaScript and C/C++?
  • 67
Is there an automated way to validate and enforce requirements for application security when creating components, and cloud environments?
  • 35
Why is Static Code Analysis important for companies?