OpenText SAST
OpenText SAST (Fortify Static Code Analyzer) is a set of software security analyzers that search for violations of security-specific coding rules and guidelines in a variety of languages. OpenText SAST produces analysis information to help you deliver more secure software, and make security code reviews more efficient, consistent, and complete. Its design enables you to incorporate customer-specific security rules.
For a list of supported languages, libraries, compilers, and build tools, see System requirements.
To analyze your application with OpenText SAST, you can:
Perform the analysis directly from an IDE using one of the Secure Code Plugins (Fortify Extension for Visual Studio, Fortify Plugin for Eclipse, and Fortify Analysis Plugin for IntelliJ IDEA and Android Studio). You can also run the analysis from Fortify Audit Workbench.
You can also view the security vulnerability analysis results in the IDE and Fortify Audit Workbench or upload the results to Fortify Software Security Center. For a description of the tools, see OpenText Application Security Tools.
Integrate the analysis into your build system or run the analysis from the command line.
This guide focuses primarily on this method of performing the analysis.