
Fortify Static Code Analyzer

Fortify Static Code Analyzer identifies security vulnerabilities in source code early in the software development life cycle and provides best practices so that developers can code more securely.

Key Features


Improve scan times, get results faster, and shorten the time it takes to get software into production by helping developers improve their programming productivity with incremental scanning.


Supports a wide variety of development environments, languages, platforms, and frameworks to enable security reviews in mixed development and production environments.


Guided by the largest and most complete set of security coding rules that are expanded and automatically updated by the Fortify Software Security Research team.

Easy to Use

Integrate into any environment through scripts, plugins, and tools so developers can get up and running quickly and easily.

Scales to any Application

With support for the most programming languages, Fortify SCA identifies the risk in all types of applications and scales with the growing demands of the business.


Fortify Software Security Center is a centralized management repository providing visibility and reports for your entire appsec testing program. Dashboards highlight the risk in your applications and help you review, manage and track your security testing activities, prioritize remediation efforts and control your software portfolio.

Reducing Security Risk By Building Better Software

HPE Security Fortify Static Code Analyzer (SCA) is used by development groups and security professionals to analyze the source code of an application for security issues. SCA identifies root causes of software security vulnerabilities, and delivers accurate, risk-ranked results with line-of-code remediation guidance, making it easy for your team to address serious issues first.


Getting Software to Production Faster

Businesses require innovative ways to accelerate the SDLC. Fortify SCA offers incremental scanning, which delivers faster scan times and results, improves productivity by allowing for more scans, and keeps you competitive by releasing applications faster.


Taxonomy of Software Security Errors

To help developers understand the common types of coding mistakes that lead to security vulnerabilities, Fortify's research team created The Seven Pernicious Kingdoms, which unifies the organization of vulnerabilities and maps them to industry standards.

Visibility into your application security program in one centralized management repository

Fortify Software Security Center gives you an at-a-glance view of your entire application security program so that you can address security vulnerabilities across your software portfolio. Dashboards and reports also measure efficiency, accuracy, and value, bringing the power of application security data to the SDLC.

State of Security in DevOps

Application Security and DevOps Report 2016



Data Sheet


Build better code with early security testing


(PDF 260 KB)

Solution Brief


Secure your enterprise software with Fortify SCA


(PDF 489 KB)

Trial Software


Start your WebInspect Trial Now




Denim Group strengthens applications with Fortify


(2.26 Minutes)

Related Products, Solutions and Services

Application Security Testing

Fortify on Demand

Application Security as a Service.

Software Security

Fortify Software Security Center

Manage software risk across the entire secure SDLC—from development to QA and through production.


Fortify WebInspect

Automated dynamic security testing tool to find and prioritize exploitable web vulnerabilities.

Mobile Security

Mobile App Security

Secure your mobile stack from device to network communications to server.

Security Intelligence Services

Threat Defense Services

Uncover and implement targeted solutions to the biggest threats to your enterprise.

Application Security

Fortify Application Security

Static and dynamic application security testing to find and fix vulnerabilities before they can be exploited.

Application Security Software

Software Security Assurance

Make your software more immune to attack.

Engage with our Application Security Community

Protect Your Assets Blog

Get IT security insights to protect your business ahead of attackers anywhere in the world.

Security Research Blog

Get innovative research, observations and updates to help you proactively identify threats and manage risk.

Protect724 Community

Join the HPE Security community to share, search, collaborate for solutions and gain feedback.

HPE Security on Twitter

Get the latest tweets on hybrid environment risks and defending against advanced threats.

HPE Security on LinkedIn

Connect with experts and discuss the latest info on new threats and risk in hybrid environments.

HPE Software on Facebook

Join with peers and experts to discuss how to make your HPE software work for you.

HPE Software on Google+

Discuss the latest on how to make your enterprise applications and information work for you.

HPE Business Insights

Gain strategic insights from IT leaders who help others define, measure and achieve better IT performances.