Fortify Static Code Analyzer

How it works

Manage risk proactively with automated static testing

Micro Focus Fortify Static Code Analyzer reduces software risk by identifying security vulnerabilities that pose the biggest threats to your organization. It pinpoints the root cause of the vulnerability, correlates and prioritizes results, and provides best practices so developers can develop code more securely.

Detect more

Fortify Static Code Analyzer (SCA) supports a wide variety of development environments, languages, platforms, and frameworks to enable security reviews in mixed development and production environments. Fortify SCA supports over 25 development languages, detects 770 unique vulnerability categories, and has over 970,000 component-level APIs.

Discover

Fortify Static Code Analyzer discovers security vulnerabilities in all your applications, whether they are built in-house, outsourced, third party, or mobile. It identifies security vulnerabilities in source code and prioritizes them by severity and importance, pinpoints the root cause with line-of-code detail, and provides best practices to help developers remove exploitable vulnerabilities that pose the greatest threats.

Analyze

The Fortify analysis engine, which consists of multiple specialized analyzers, uses secure coding rules to analyze the code base for violations of secure coding practices. Fortify SCA provides a rules-builder to extend and expand analysis capabilities, enabling you to include custom rules to analyze and review the data that is important to the organization.

Take action

Fortify Static Code Analyzer's web-based collaboration capabilities enable security professionals, developers, and managers to work together on code review and take immediate action to remediate security vulnerabilities quickly, reducing risk and exposure. Fortify SCA provides visibility so users can analyze individual vulnerabilities, assign them to developers for remediation, and track activities to completion.

How Static Code Analyzer works

Strengthen the security of your code in two steps: collaborate on identifying and fixing vulnerabilities and manage results across the organization.

Step 1: Collaborate

Audit Workbench makes it easy for security leads to facilitate the triage of security findings. Security professionals are able to investigate, analyze, and verify individual vulnerabilities, comment on them, set severity levels through smart code navigation and intuitive user-interface features, assign them for remediation, and track activities to completion.

Step 2: Manage results

Fortify Static Code Analyzer has web-based collaboration capabilities that provide a way for teams across the organization to work together using a role-specific interface. Application security professionals, developers, and managers can work together on code reviews and remediation activities. Developers can address issues in their preferred code development environment while collaborating with the security team using plugins for Eclipse, Microsoft® Visual Studio and IntelliJ.
