SCA Banner Section

Detect more - Why

Detect more

HP Fortify Static Code Analyzer supports a wide variety of development environments, languages, platforms and frameworks to enable security reviews in mixed development and production environment. Fortify SCA supports over 22 development languages, detect 669 unique vulnerability categories, and has over 825,000 component-level APIs.

SCA How it Works

  • Discover

    HP Fortify Static Code Analyzer discovers security vulnerabilities in all your applications whether they are built in-house, outsourced, third party or mobile. It identifies security vulnerabilities in source code and prioritizes them by severity and importance, pinpoints the root cause with line of code detail and provides best practices to help developers removes exploitable vulnerabilities that pose the greatest threats.

  • Analyze

    The Fortify analysis engine, which consists of multiple specialized analyzers, uses secure coding rules to analyze the code base for violations to secure coding practices. HP Fortify SCA provides a rules builder to extend and expand analysis capabilities and be able to include custom rules so you can analyze and review the data collected that is important to the organization.

  • Take action

    HP Fortify Static Code Analyzer's web based collaboration capabilities provides the ability for security professionals, developers and managers to work together on code review and take immediate action to remediate security vulnerabilities quickly, and reduce risk and exposure. Fortify SCA provides visibility so users can analyze individual vulnerabilities, assign them to developers for remedation and track activities to completion.

SCA Screenshot


Audit Workbench makes it easy for security leads to facilitate the triage of security findings. Security professionals are able to investigate, analyze and verify individual vulnerabilites, comment on them, set severity levels through smart code navigation and intuitive user-interface features, assign them for remediation and track activities to completion. 

Manage results

HP Fortify Static Code Analyzer has web based collaboration capabilities that provides a way for teams across the organization to work together using a role-specific interface. Application security professionals, developers, and managers can work together on code reviews and remediation activities. Developers can address issues in their preferred code development environment while collaborating with the security team using plug-ins for Eclipse, Microsoft® Visual Studio.