Fortify Static Code Analyzer

Fortify Static Code Analyzer identifies security vulnerabilities in your source code early in the software development lifecycle and provides best practices so developers can code more securely.

Key Features


Efficient

Improve scan times, get results faster, and accelerate the time it takes to get software into production by helping developers improve their programming productivity with incremental scanning.

Comprehensive

Supports a wide variety of development environments, languages, platforms, and frameworks to enable security reviews in mixed development and production environments.

Accurate

Guided by the largest and most complete set of security coding rules that are expanded and automatically updated by the Fortify Software Security Research team.

Easy to Use

Integrate into any environment through scripts, plugins, and tools so developers can get up and running quickly and easily.

Scales to any Application

With support for the most programming languages, Fortify SCA identifies the risk in all types of applications and scales with the growing demands of the business.

Visibility

Fortify Software Security Center is a centralized management repository providing visibility and reports for your entire appsec testing program. Dashboards highlight the risk in your applications and help you review, manage and track your security testing activities, prioritize remediation efforts and control your software portfolio.

“We can identify, analyze, and resolve possible issues far more efficiently with HPE Security Fortify Static Code Analyzer than we ever could before. … Manually reviewing code or writing custom scripts just wouldn’t scale. Because HPE Security Fortify Static Code Analyzer can scan large amounts of code at scale and provide immediately actionable results, it’s realistic for our developers to make secure coding part of their everyday job.”

Brenton Witonski, former IT Security Engineer at Acxiom

Reducing Security Risk By Building Better Software

HPE Security Fortify Static Code Analyzer (SCA) is used by development groups and security professionals to analyze the source code of an application for security issues. SCA identifies root causes of software security vulnerabilities, and delivers accurate, risk-ranked results with line-of-code remediation guidance, making it easy for your team to address serious issues first.

Getting Software to Production Faster

Businesses require innovative ways to accelerate the SDLC. Fortify SCA offers incremental scanning, which delivers faster scan times and results, improves productivity by allowing for more scans, and keeps you competitive by releasing applications faster.

Taxonomy of Software Security Errors

To help developers understand the common types of coding mistakes that lead to security vulnerabilities, Fortify’s research team created The Seven Pernicious Kingdoms, which unifies the organization of vulnerabilities and maps them to industry standards.

 

Visibility to your application security program in one centralized management repository

Fortify Software Security Center provides visibility to an entire application security program to help resolve vulnerabilities across the software portfolio. It harnesses the power of application security data across the SDLC by measuring the efficiency, accuracy and value via dashboards and reports.