Fortify Static Code Analyzer

Build secure software fast. Find security issues early and fix at the speed of DevOps.

Automated static code analysis helps developers eliminate vulnerabilities and build secure software.
Code securely with integrated SAST

Developers find and fix security defects in real time during the coding process, with integrations to IDEs.

Cover languages that developers use

Gain comprehensive, accurate language coverage and enable compliance.

Launch fast, automated scans

Launch automated scans optimized for coverage or speed.

Fix at the speed of DevOps

Drill into the source code details with our rich analysis results, which enable you to quickly triage and fix complex security issues.

Automate security within CI/CD

Automate scans to enable developers on security.

Scale your AppSec program

Secure custom and open source code with fast and highly optimized static scans.

Dive deeper. Discover more.

  • Cover languages that developers use

    • Accurate support for 26+ major languages and their frameworks, with agile updates backed by the industry-leading Software Security Research (SSR) team.
    • Enable compliance with broad vulnerability coverage, including 800 vulnerability categories for SAST that enable compliance with standards such as OWASP Top 10, CWE/SANS Top 25, DISA STIG, and PCI DSS.
    Eclipse IDE – Using Fortify Security Assistant
  • Launch fast, automated scans

    • Seamlessly launch scans locally from the Fortify platform or via your IDE and CI/CD pipeline.
    • Build secure software faster and gain valuable insight with a centralized management repository for scan results.
    • Software Security Center (SSC) enables organizations to automate all aspects of an application security program.
    Demo of installing and using the Fortify Extension for Visual Studio 2019
  • Fix at the speed of DevOps

    • Create filters and issue templates for developer-specific views.
    • Audit Assistant reduces manual audit time by removing up to 90% of false positives with machine learning-assisted auditing.
    • Audit Workbench enables rich analysis and automated triage.
    • Fix issues at the most efficient point with SmartView filters that show how issues are related from a data flow perspective.
    Fortify SSC to JIRA bug tracking integration
  • Automate security within CI/CD

    • Automate security in the CI/CD pipeline with Swagger-supported RESTful APIs, GitHub repo, plugins for Bamboo, VSTS and Jenkins, and integration with open source component analysis tools.
    • Fortify SCA fits into existing development environments through scripts, plugins, and GUI tools so developers can get up and running quickly and easily.
    Scanning your code with Fortify SCA in Visual Studio

Case Studies

Trust the security of your software with the most comprehensive, integrated, enterprise-scale application security solution.


Vital Images, a medical imaging software company, leverages Fortify Static Code Analyzer to penetrate the DoD market.


Acxiom, a leading data technology company, boosts application security with Fortify Static Code Analyzer to protect consumer information.
