Fortify Static Code Analyzer

Build secure software fast. Find security issues early and fix at the speed of DevOps.

Automated static code analysis helps developers eliminate vulnerabilities and build secure software.
Code securely with integrated SAST
Code securely with integrated SAST

Developers find and fix security defects in real-time during the coding process, with integrations to IDEs. Learn more.

face to face
Cover languages that developers use

Gain comprehensive, accurate language coverage and enable compliance. Learn more.

Launch fast, automated scans
Launch fast, automated scans

Launch automated scans optimized for coverage or speed. Learn more.

Fix at the speed of DevOps
Fix at the speed of DevOps

Drill into the source code details with our rich analysis results, which enable you to quickly triage and fix complex security issues. Learn more.

Automate security within CI/CD
Automate security within CI/CD

Automate scans to enable developers on security. Learn more.

Scale your AppSec program
Scale your AppSec program

Secure custom and open source code with fast and highly optimized static scans. Learn more.

Dive deeper. Discover more.

  • Code securely with integrated SAST
    Code securely with integrated SAST

    Code securely with integrated SAST
    Code securely with integrated SAST

    • Find and fix security vulnerabilities in real time with Security Assistant in the Eclipse or Visual Studio IDE with the developer’s security “spell checker.”
    • Gamified training supports developers' ability to create secure code.
    DATA SHEET
    DATA SHEET

    Fortify Static Code Analyzer (SCA) Static Application Security Testing

    INFOGRAPHIC
    INFOGRAPHIC

    Fortify Security Assistant

    Security Assistant for Visual Studio demo
  • icon
    Cover languages that developers use

    icon
    Cover languages that developers use

    • Accurate support for 25+ major languages and their frameworks, with agile updates backed by the industry-leading Software Security Research (SSR) team.
    • Enable compliance with broad vulnerability coverage, including 800 vulnerability categories for SAST that enable compliance with standards such as OWASP Top 10, CWE/SANS Top 25, DISA STIG, and PCI DSS.
    FLYER
    FLYER

    Languages We Support

    WEB PAGE
    WEB PAGE

    Fortify Taxonomy: Software Security Errors

    Eclipse IDE – Using Fortify Security Assistant
  • Launch fast, automated scans
    Launch fast, automated scans

    Launch fast, automated scans
    Launch fast, automated scans

    • Seamlessly launch scans locally from the Fortify platform or via your IDE and CI/CD pipeline.
    • Build secure software faster and gain valuable insight with a centralized management repository for scan results.
    • Software Security Center (SSC) enables organizations to automate all aspects of an application security program.
    Value Brief
    VALUE BRIEF

    Static Code Analyzer

    BUYER’S GUIDE
    BUYER’S GUIDE

    The 2019 TechBeacon Buyer’s Guide for Application Security

    Demo of installing and using the Fortify Extension for Visual Studio 2019
  • Fix at the speed of DevOps
    Fix at the speed of DevOps

    Fix at the speed of DevOps
    Fix at the speed of DevOps

    • Create filters and issue templates for developer-specific views.
    • Audit Assistant reduces manual audit time by removing up to 90% of false positives with machine learning-assisted auditing.
    • Audit Workbench enables rich analysis and automated triage.
    • Fix issues at the most efficient point with SmartView filters that show how issues are related from a data flow perspective.
    WHITE PAPER
    WHITE PAPER

    Fortify Audit Assistant

    VIDEO
    VIDEO

    Smart View Demo

    Fortify SSC to JIRA bug tracking integration
  • Automate security within CI/CD
    Automate security within CI/CD

    Automate security within CI/CD
    Automate security within CI/CD

    • Automate security in the CI/CD pipeline with Swagger-supported RESTful APIs, GitHub repo, plugins for Bamboo, VSTS and Jenkins, and integration with open source component analysis tools.
    • Fortify SCA fits into existing development environments through scripts, plugins, and GUI tools so developers can get up and running quickly and easily.
    WEB PAGE
    WEB PAGE

    Integration Ecosystem

    WEB PAGE
    WEB PAGE

    Fortify Marketplace

    Scanning your code with Fortify SCA in Visual Studio
  • Scale your AppSec program
    Scale your AppSec program

    Scale your AppSec program
    Scale your AppSec program

    • Scan Central enables scaling with a static analysis farm that can be dynamically scaled to meet the changing demands of the CI/CD pipeline.
    • Scan with flexible deployment. Fortify SAST is available on-premises, as a service, or in hybrid mode to fit your business needs. You can start quickly and expand your AppSec program centrally.
    BROCHURE
    BROCHURE

    Build Application Security into the Entire SDLC

    Fortify demo with Visual Studio and Azure DevOps

Case Studies

Trust the security of your software with the most comprehensive, integrated, enterprise-scale application security solution.

View case studies

Vital Images, a medical imaging software company, leverages Fortify Static Code Analyzer to penetrate the DoD market.

Read case study

Acxiom, a leading data technology company, boosts application security with Fortify Static Code Analyzer to protect consumer information.

Read case study
`
release-rel-2019-11-2-3276 | Wed Nov 27 00:09:06 PST 2019
3276
release/rel-2019-11-2-3276
Wed Nov 27 00:09:06 PST 2019