Application Security Testing

OpenText Static Application Security Testing (Fortify)

Find and fix security issues early with industry-leading accuracy

OpenText Static Application Security Testing platform dashboard on a computer

OpenText recognized as a Customers' Choice by Gartner®Get the report

Automate security in the CI/CD pipeline

Traditional SAST tools often require tuning and expertise, overwhelming teams with false positives. Others are easy to use, but miss vulnerabilities. OpenText™ Static Application Security Testing (Fortify) (SAST) enables DevSecOps with precise vulnerability detection, broad language support, and seamless CI/CD integration. AI-driven insights help developers prioritize and resolve vulnerabilities efficiently, reducing security risk across the SDLC.

Why OpenText Static Application Security Testing?

Find critical vulnerabilities others miss. OpenText SAST integrates with GitHub, GitLab, Jenkins, Azure DevOps, VS Code, Eclipse, and more to secure code early while keeping developers moving fast.

1,495+
vulnerability categories assessed
Across 33+ languages and more than one million individual APIs.
350+
frameworks supported
Providing unparalleled breadth and flexibility, ensuring comprehensive security coverage across diverse development environments.
94%
of OpenText users agree
OpenText Static Application Security Testing helps them improve their application security program.
See what customers are saying

Integrating [OpenText SAST] has reduced the efforts required for code review, and the quality it provides is better than other market tools.

Susanta Roy
AppSec Manager, Accenture

Automating our security testing with [OpenText], we've covered almost 100 percent of our CI/CD pipelines, which amount to several tens of thousands, with SAST scans.

Filipe de Figueiredo Mendes
Security Specialist, Banco Bradesco

By integrating [OpenText SAST] into our CI/CD pipelines, we automate security testing and identify vulnerabilities early, reducing remediation costs and accelerating secure software delivery.

DevOps Engineer
Medium Enterprise Professional Services Company

…our testing efforts have been easier to quantify and manage both for first-time scans and periodic scans of software modules (at the review level when after developer teams turn the FPRs in).

ISSM/Program Security Engineer
Medium Enterprise Aerospace & Defense Company

[OpenText] helped us in finding vulnerabilities in our developer's code. The recommendation for each finding helped our developer to fix their code quickly. This will help secure the products we publish.

Manager
Medium Enterprise Internet Software & Services Company

Use cases

OpenText SAST delivers comprehensive security across many development languages while integrating with your dev tool of choice. Balance speed and accuracy with custom scan depth, reduce false positives with AI assistance, and scale dynamically.

Scan source code as it’s written to catch vulnerabilities before code is merged or released. Find issues in the developer IDE or pull requests before merge. Fixing issues early drastically reduces remediation cost and prevents security debt from accumulating.
Embed SAST into DevOps pipelines to automatically block or flag insecure code at each build or deploy stage. This ensures security keeps pace with agile development and doesn’t slow down release velocity.
Enforce secure coding practices and detect violations of compliance frameworks like OWASP Top 10, NIST, PCI-DSS, ISO 27001, and more with policy-based scan enforcement and reporting that reduces the risk of audits, fines, or reputational damage from non-compliance.
Apply consistent security scanning across both legacy stacks and modern architectures (e.g., microservices, APIs, containers). Static analysis extends to mobile platforms, REST APIs, and modern interfaces. This serves enterprises running hybrid environments that need full-stack security coverage.
Use centralized dashboards and customizable reporting to track findings, remediation progress, and team performance to give security leaders the visibility they need to manage risk and communicate status to management and dev teams.
Offer actionable guidance, IDE integrations, and in-context remediation advice to help developers fix vulnerabilities faster. Reduce friction between security and dev teams, improve fix rates, and encourage secure coding habits.

Key features

OpenText SAST delivers enterprise-grade code security with AI-powered analysis, cloud-native support, and flexible deployment to help organizations reduce risk, streamline compliance, and build secure software at scale.

Comprehensive language and framework coverage

Supports 33+ languages, 350+ frameworks, and detection of over 200+ types of secrets in source code. Enables consistent, comprehensive security testing across your entire codebase.

Flexible deployment options

Includes options such as the SaaS-based OpenText™ Core Application Security Testing platform, private hosted, which combines SaaS and on-premises features, and off-cloud, which offers full control over the application security testing solution.

Integrated infrastructure-as-code (IaC) scanning

Provides best-in-class IaC and app security scanning in one platform, supporting Docker®, Kubernetes®, and serverless, all powered by a single core engine.

AI-powered auditing and remediation

Accelerates auditing and vulnerability detection, paired with automated code fixes suggestions for SAST vulnerabilities, using OpenText™ Application Security Aviator™, accessible via SaaS and off-cloud.

Next-gen SAST engine

Offers coverage across 33+ languages, 1,495+ vulnerability categories, 350+ frameworks, and over 1 million APIs.

Comprehensive language and framework coverage

OpenText SAST provides accurate support for 33+ major languages and their frameworks, with agile updates backed by the industry-leading Software Security Research (SSR) team

SAP ABAP

Action Script

Angular

Apex

Microsoft ASP

Bicep

CSharp

C++

COBOL

Cold Fusion

Docker

Go Lang

HTML5

Java

Java Script

JSON

JSP

Kotlin

MXML

.Net

.NETCore

PL/SQL

Python

Ruby

Scala

Swift Trans

T-SQL

Terraform

Type Script

Microsoft Visual Basics

Visual Basic

Windows Mobile

XML

YAML

Accelerate the value of OpenText Static Application Security Testing

Deployment

OpenText offers deployment choice and flexibility for OpenText Static Application Security Testing.

Run anywhere and scale globally in the public cloud of your choice

OpenText Public Cloud (Multi-Tenant SaaS)
Extend your team

Off Cloud, on-premises software, managed by your organization or OpenText

Accelerate cloud strategies with OpenText cloud experts

OpenText Private Cloud (Single Tenant) on OpenText Cloud, AWS, GCP, or Azure
Develop, connect and extend your Information Management capabilities

API from OpenText Developer Cloud

Professional Services

OpenText Professional Services combines end-to-end solution implementation with comprehensive technology services to help improve systems.

Get a trusted partner to guide your information management path

Your journey to success
Accelerate your information management journey

Consulting Services

Propel your business into the future with modern solutions

NextGen Services
Unlock the full potential of your information management solution

Customer Success Services

Partners

OpenText helps customers find the right solution, the right support, and the right outcome.

Search OpenText's Partner directory

Find a Partner
Explore OpenText's Partner solutions catalog

Application Marketplace

Industry-leading organizations that enhance OpenText products and solutions

Strategic Partners

Communities

Explore our OpenText communities. Connect with individuals and companies to get insight and support. Get involved in the discussion.

Explore ideas, join discussions, and network

OpenText community

OpenText Static Application Security Testing resources

Static application security testing (SAST) analyzes application source code, bytecode, or binaries to detect security vulnerabilities during development. Identifying risks like early in the software development lifecycle (SDLC), makes remediation faster and less expensive.
OpenText SAST is a static analysis solution supporting 33+ programming languages and integrating with developer tools, CI/CD pipelines, and ticketing systems. It combines deep static analysis with vulnerability coverage mapped to standards such as OWASP Top 10, CWE, and NIST.
SAST helps developers embed security into early software development. OpenText SAST integrates with IDEs (e.g., Visual Studio®, IntelliJ®), build tools (e.g., Maven, Gradle), and CI/CD platforms (e.g., Jenkins™, Azure DevOps®), allowing security scans to run automatically during coding and builds.
While SAST primarily analyzes proprietary code, OpenText complements it with Software Composition Analysis (SCA) tools that identify risks in open-source libraries, such as known vulnerabilities, outdated components, and licensing issues.
OpenText SAST supports web, mobile, desktop, and cloud-native applications across a wide range of languages including Java, .NET, JavaScript, Python, C/C++, Swift, Kotlin, Go, and more. It also handles infrastructure-as-code (IaC), containers, and APIs.
OpenText SAST provides out-of-the-box support for security and compliance frameworks such as OWASP Top 10, PCI DSS, NIST 800-53, and ISO 27001. The platform delivers policy-based scan management, audit-ready reporting, and dashboards that demonstrate risk posture and remediation progress.
OpenText Static Application Security Testing offers flexible deployment on-premises for full control and customization, as hosted and managed scanning infrastructure where your team submits code remotely, and as a fully managed experience (OpenText™ Core Application Security).
OpenText SAST includes support for popular IDEs like Visual Studio, IntelliJ, and Eclipse®, as well as CI/CD tools such as Jenkins, GitHub Actions®, GitLab CI®, Azure DevOps, and Bamboo™. The platform also integrates with issue tracking systems like Jira®, enabling automatic ticket creation.

March 11, 2025

Smarter, faster AppSec

Turn SAST findings into learning, helping developers quickly remediate vulnerabilities.

Read the blog

March 3,2025

Why SAST false positives are inevitable

Explore why false positives in SAST tools occur, the trade-offs involved, and how to manage them.

Read the blog

January 17, 2025

Why SAST + SCA is the key to protecting your organization in 2025

Software supply chain risk continues to rise—156% year-over-year increase in malicious attacks.

Read the blog

November 25, 2024

Customers’ Choice

OpenText recognized for Application Security Testing on Gartner® Peer Insights™︎.

Read the blog

October 25, 2024

Generative AI: A double-edged sword for application security

IDC predicts that by 2026, 40% of net-new applications will incorporate AI.

Read the blog

Person wearing glasses looking at a computer screen

September 26, 2024

Auto-remediation: the future of AppSec?

Read the blog

June 20,2023

OpenText named a Leader in Critical Capabilities by Gartner

OpenText is a Leader in SAST and DAST, and one of the only vendors that moved up in the quadrant.

Read the blog

What is static application security testing (SAST)

Learn more

Cybersecurity in a Web 3.0 world

Learn more

5 reasons why SAST + DAST with OpenText makes sense

Learn more

OpenText SAST tools

View the community page

What is static application security testing (SAST)

Learn more

Cybersecurity in a Web 3.0 world

Learn more

5 reasons why SAST + DAST with OpenText makes sense

Learn more

OpenText SAST tools

View the community page

OpenText™ Core Application Security

Unlock security testing, vulnerability management, and tailored expertise and support
OpenText™ Dynamic Application Security Testing

Scan, test, and identify security vulnerabilities in apps and services
OpenText™ Application Security Aviator

Secure smarter, not harder with AI code analysis and code fix suggestions
OpenText™ Core Software Composition Analysis

Take full control of open source security, compliance, and health

Take the next step

Interested in learning more? An OpenText expert is ready to help.

Contact us

Aviator AIAviator AI

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery with AIeDiscovery with AI

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application Security TestingApplication Security Testing

Data SecurityData Security

Security OperationsSecurity Operations

Identity and Access ManagementIdentity and Access Management

Digital Forensics and Incident ResponseDigital Forensics and Incident Response

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

Observability and Service Management CloudObservability and Service Management Cloud

Service ManagementService Management

ObservabilityObservability

AIOpsAIOps

Automation and Vulnerability RemediationAutomation and Vulnerability Remediation

CMDB and Asset ManagementCMDB and Asset Management

OpenText™ Service Management Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

Device and Data ProtectionDevice and Data Protection

Enterprise Data Backup and Disaster Recovery SolutionsEnterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management ToolsUnified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving ComplianceEmail Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Consulting ServicesConsulting Services

NextGen ServicesNextGen Services

Cloud MigrationCloud Migration

Latest product releasesLatest product releases

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Asset LibraryAsset Library

Aviator AI

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery with AI

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture and Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security Testing

Data Security

Security Operations

Identity and Access Management

Digital Forensics and Incident Response

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

Observability and Service Management Cloud

Service Management

Observability

AIOps

Automation and Vulnerability Remediation

CMDB and Asset Management

OpenText™ Thrust

OpenText™ Thrust bundle

Device and Data Protection

Enterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Consulting Services

NextGen Services

Cloud Migration

Latest product releases

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Asset Library

Blogs

Events

Communities

Customer Stories

OpenText Navigator

Marketplace