OpenText Fortify Static Code Analyzer Pros and Cons

What do you like best about OpenText Fortify Static Code Analyzer?

The ease of use and an intuitive UI makes using the Fortify Static Code Analyzer quite easy for people who are new to it. A topic as complex as Security becomes manageable as the tool provides detailed reports on what the vulnerabilities are with their severity level and quite an extensive description of what is causing the vulnerability and recommendations to fix it. This makes life for the developers who might be new to Security. Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

Some newer language syntax of certain languages like Java 8+ might not be understood by Fortify which leads to false positives. Also, certain non-fixeable vulnerabilities for which exceptions were provided would pop back up once in a while, which is a bit annoying. Review collected by and hosted on G2.com.

What do you like best about OpenText Fortify Static Code Analyzer?

it Supports Nearly all programming languages, the process of testing is very easy, every new update makes it more functional. all the vulnerabilities of all languages are being updated on time. Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

Some times it gives false positives, so we need to recheck it with other tools. please improve the vulnerabilities identification. Review collected by and hosted on G2.com.

What do you like best about OpenText Fortify Static Code Analyzer?

Tool is really good. Specially i liked the ai feature.machine learning used is really good. Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

Need to improve on false positive. Some time results give general results for all th Language. For example some vulnerability does not applicable for java but it will show. So need to improve on that part. Review collected by and hosted on G2.com.

What do you like best about OpenText Fortify Static Code Analyzer?

Liked that it support multiple languages, which comes with a less price as compared to other commercial SAST tools. Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

When it comes to the detection, found couple of false positives, for example: found quite of null pointer exceptions which turns out to be incorrect. Review collected by and hosted on G2.com.

What do you like best about OpenText Fortify Static Code Analyzer?

We like

1. the ease of onboarding

2. the ease of use it in command line

3. How it integrates with Gitlab CI and Jenkins seemlessly

4. The pdf report is useful to present the output to stakeholders and for auditing. Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

We rarely use dashboard. Since there are offshore and onshore restrictions, it is hard to give roles in the site. Review collected by and hosted on G2.com.

What do you like best about OpenText Fortify Static Code Analyzer?

I like the fact that the tool gives a detailed description of the highlighted issues and its very cost effective.

Also better than checkmarx and white hat security. Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

Nothing much until now. Overall its a great tool than what i have reviewed before. Review collected by and hosted on G2.com.

What do you like best about OpenText Fortify Static Code Analyzer?

Code scan duration is quite fast and the result is quite detail. Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

Integration process is very complicated. Review collected by and hosted on G2.com.

What do you like best about OpenText Fortify Static Code Analyzer?

When it comes to application security you cannot neglect the GAINT Microfocus Fortify. They offer a suite of products such as Fortify SCA, SSC, Audit Workbench, Application Defender, Web Inspect, and their cloud offering Fortify OnDemand to combat security threats for every type of organization. The most striking features of their Fortify are a good number of supported languages, a wide variety of integration capabilities with IDEs, and build servers(Jenkins, Bamboo, Visual Studio, Gradle & Make), Integration with various bug trackers such as Bugzilla, Jira, ALM Octane. Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

Analysis of COTS products will be a challenge with Fortify SCA. But there are other solutions such as Fortify Application Defender to deal with security of COTS product Review collected by and hosted on G2.com.

What do you like best about OpenText Fortify Static Code Analyzer?

It always pinpoint the security vulnerabilities! Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

Nothing so far based on my experience . Review collected by and hosted on G2.com.

What do you like best about OpenText Fortify Static Code Analyzer?

Can be integrated with CI/CD which reduces lots of manual works. Scans are fast and not time consuming Review collected by and hosted on G2.com.

What do you dislike about OpenText Fortify Static Code Analyzer?

Must include docker files scanning mechanism Review collected by and hosted on G2.com.