Try our new research platform with insights from 80,000+ expert users

OpenText Static Application Security Testing vs PyCharm comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 19, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

OpenText Static Application...
Ranking in Static Code Analysis
2nd
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
19
Ranking in other categories
No ranking in other categories
PyCharm
Ranking in Static Code Analysis
8th
Average Rating
8.8
Reviews Sentiment
6.9
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Static Code Analysis category, the mindshare of OpenText Static Application Security Testing is 11.4%, up from 10.2% compared to the previous year. The mindshare of PyCharm is 0.4%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Static Code Analysis
 

Featured Reviews

Aphiwat Leetavorn. - PeerSpot reviewer
Provides extensive language support and enhances secure coding practices
The deployment of Fortify Static Code Analyzer needs to be simplified. It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers. This change would facilitate easier installations and ensure all necessary components are connected and ready to use.
Shravan Revanna - PeerSpot reviewer
Gives access to documentation references when hovered over the code
We have integrated the tool with GitHub. PyCharm provides easy integration with GitHub, allowing us to push changes directly. Many plugins are available on PyCharm for GitHub integration, including GitHub Copilot for auto code completion and GitHub Copilot Chat for assistance with code-related queries. The solution has significantly improved my coding efficiency with its feature that shows documentation when I hover over code. This feature, which was recently introduced, is especially useful when using an inbuilt function from a Python package because it gives me immediate access to documentation and references, helping me understand how to use the function properly.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We've found the documentation to be very good."
"I like the Fortify taxonomy as it provides us with a list of all of the vulnerabilities found. Fortify release updated rule packs quarterly, with accompanying documentation, that lets us know what new features are being released."
"You can really see what's happening after you've developed something."
"We are satisfied with this solution."
"Its flexibility is most valuable. It is such a flexible tool. It can be implemented in a number of ways. It can do anything you want it to do. It can be fully automated within a DevOps pipeline. It can also be used in an ad hoc, special test case scenario and anywhere in between."
"We write software, and therefore, the most valuable aspect for us is basically the code analysis part."
"I recommend this product due to its good pricing, extensive language support, valuable features, and additional features like Fortify Academy."
"Integrating the Fortify Static Code Analyzer into our software development lifecycle was straightforward. It highlights important information beyond just syntax errors. It identifies issues like password credentials and access keys embedded in the code."
"The integrated code structure makes coding more organized and manageable compared to using Python alone."
"The solution has a nice environment and extensions that make it easy to develop software."
"We have integrated the tool with GitHub. PyCharm provides easy integration with GitHub, allowing us to push changes directly. Many plugins are available on PyCharm for GitHub integration, including GitHub Copilot for auto code completion and GitHub Copilot Chat for assistance with code-related queries."
"The product's IDE feature is quite user-friendly."
"PyCharm is saving me time and money in general."
"The automated package installation is helpful. I like the code highlighting features. A huge library of plugins is available, including AI coding tools, though I don't use those myself. The debugging tools are good, showing errors and problem lines."
"The recent AI-powered code completion is pretty cool."
"The solution has a great debugging feature."
 

Cons

"I know the areas that they are trying to improve on. They've been getting feedback for several years. There are two main points. The first thing is keeping current with static code languages. I know it is difficult because code languages pop up all the time or there are new variants, but it is something that Fortify needs to put a better focus on. They need to keep current with their language support. The second thing is a philosophical issue, and I don't know if they'll ever change it. They've done a decent job of putting tools in place to mitigate things, but static code analysis is inherently noisy. If you just take a tool out of the box and run a scan, you're going to get a lot of results back, and not all of those results are interesting or important, which is different for every organization. Currently, we get four to five errors on the side of tagging, and it notifies you of every tiny inconsistency. If the tool sees something that it doesn't know, it flags, which becomes work that has to be done afterward. Clients don't typically like it. There has got to be a way of prioritizing. There are a ton of filter options within Fortify, but the problem is that you've got to go through the crazy noisy scan once before you know which filters you need to put in place to get to the interesting stuff. I keep hearing from their product team that they're working on a way to do container or docker scanning. That's a huge market mover. A lot of people are interested in that right now, and it is relevant. That is definitely something that I'd love to see in the next version or two."
"Fortify Static Code Analyzer is a good solution, but sometimes we receive false positives. If they could reduce the number of false positives it would be good."
"I have not seen a return on investment with Fortify Static Code Analyzer."
"I'm not sure if Fortify Static Code Analyzer has AI capabilities. Currently, this solution doesn't quite have what we need."
"The generation of false positives should be reduced."
"Fortify Static Code Analyzer has a bit of a learning curve, and I don't find it particularly helpful in narrowing down the vulnerabilities we should prioritize."
"Their licensing is expensive."
"The pricing is a bit high."
"The user interface and overall user experience could be more intuitive to make it easier for users to navigate and utilize the software effectively."
"There should be support for the RUST plugin in the Community edition for debugging."
"Notebooks in PyCharm is not as intuitive as it could be."
"There is room for improvement in memory usage. It uses too much memory. It can get a bit heavy, especially when you have too many open files and the system becomes very slow."
"The refactor facility in PyCharm is not on par with the refactor facility in IntelliJ. It could be improved since IntelliJ offers many more options for refactoring."
"The navigation can be better."
"They should improve the product's interactiveness."
"The solution is heavy because running it on laptops consumes a lot of memory and power. Typically, a laptop battery might last about eight to nine hours, but with the tool running, it reduces to two hours or one and a half hours at most. It is designed to handle large projects and heavy tasks, making it resource-intensive. For smaller projects, use IDEs like Visual Studio Code."
 

Pricing and Cost Advice

"I rate the pricing of Fortify Static Code Analyzer as a seven out of ten since it is a bit expensive."
"It has a couple of license models. The one that we use most frequently is called their flexible deployment. We use this one because it is flexible and based on the number of code-contributing developers in the organization. It includes almost everything in the Fortify suite for one developer price. It gives access to not just the secure code analyzer (SCA) but also to FSC, the secure code. It gives us accessibility to scan central, which is the decentralized scanning farm. It also gives us access to the software security center, which is the vulnerability management platform."
"There is a licensing fee, and if you bring them to the company and you want them to do the installation and the implementation in the beginning, there is a separate cost. Similarly, if you want consultation or training, there is a separate cost. I see it as suitable only for enterprises. I do not see it suitable for a small business or individual use."
"The price of Fortify Static Code Analyzer could be reduced."
"The licensing is expensive and is in the 50K range."
"Although I am not responsible for the budget, Fortify SAST is expensive."
"From our standpoint, we are significantly better off with Fortify due to the favorable pricing we secured five years ago."
"The setup costs and pricing for Fortify may vary depending on the organization's needs and requirements."
"The community edition is free, which is good."
"I don't have much info on the pricing, but I would say it is somewhat competitive."
"They have a free Community edition, and they also have a licensed version. They definitely have an annual license. They probably also have a monthly license. Its pricing is good and reasonable. It is a little bit more expensive than the others, but it is well worth it. I would rate it a four out of five in terms of pricing."
"The community edition is free and the professional edition has a licensing fee."
"The price is reasonable."
"I use the free community version, so I'm saving money there."
report
Use our free recommendation engine to learn which Static Code Analysis solutions are best for your needs.
862,543 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
29%
Computer Software Company
13%
Manufacturing Company
11%
Government
6%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortify Static Code Analyzer?
Integrating the Fortify Static Code Analyzer into our software development lifecycle was straightforward. It highlights important information beyond just syntax errors. It identifies issues like pa...
What is your experience regarding pricing and costs for Fortify Static Code Analyzer?
My experience with the pricing, setup costs, and licensing has been good. We have the scan machines, and we are planning to request more from Micro Focus now. We have calls every month or every oth...
What needs improvement with Fortify Static Code Analyzer?
I think Fortify Static Code Analyzer could be improved by updating the number of rule packs according to the latest vulnerabilities we find each year. We have updated to a version that is one less ...
What do you like most about PyCharm?
The integrated code structure makes coding more organized and manageable compared to using Python alone.
What needs improvement with PyCharm?
The refactor facility in PyCharm is not on par with the refactor facility in IntelliJ. It could be improved since IntelliJ offers many more options for refactoring.
What is your primary use case for PyCharm?
My use case for PyCharm code usually involves rapid prototyping, especially related to GenAI.
 

Also Known As

Fortify Static Code Analysis SAST
No data available
 

Overview

Find out what your peers are saying about OpenText Static Application Security Testing vs. PyCharm and other solutions. Updated: June 2025.
862,543 professionals have used our research since 2012.