OpenText Static Application Security Testing Reviews

Name: OpenText Static Application Security Testing
Brand: OpenText
Rating: 4.1 (19 reviews)

4.1 out of 5

19 reviews
89% willing to recommend

What is OpenText Static Application Security Testing?

OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.

Get the OpenText Static Application Security Testing Buyer's Guide and find out what your peers are saying about OpenText Static Application Security Testing, Veracode, Mend.io and more!

OpenText Static Application Security Testing is the #2 ranked solution in top Static Code Analysis solutions. PeerSpot users give OpenText Static Application Security Testing an average rating of 8.2 out of 10. OpenText Static Application Security Testing is most commonly compared to Veracode: OpenText Static Application Security Testing vs Veracode. OpenText Static Application Security Testing is popular among the large enterprise segment, accounting for 73% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 29% of all views.

Buyer's Guide

OpenText Static Application Security Testing

June 2025

Get the report

Helped 857,688 peers since 2012

Featured OpenText Static Application Security Testing reviews

Aphiwat Leetavorn.

CTO at Marco Technology

The deployment of Fortify Static Code Analyzer needs to be simplified. It should be easier to install, perhaps through a container-based approach where everything is combined into one image or pack of containers. This change would facilitate easier installations and ensure all necessary components are connected and ready to use.

Read full review

Vishal Dhamke

Vice President Application Security North America at BNP Paribas

Setting up Fortify Static Application Security Testing (SAST) involves several steps to ensure that the tool is correctly configured and integrated into your development workflow, for example: installation, license activation, user access and permissions, integration with the development environment, project configuration, custom rules and policies, etc. The initial setup is very easy. I have used the enterprise version and a standalone version. The enterprise version definitely takes an ample amount of time to deploy because it needs to have a server, other logistics, and a proper RBAC in place. The enterprise version would take an ample amount of time, but the standard version is just a few clicks. A team of four to five people is required for the maintenance, and frequent updates are required to keep all the signatures up to date. I would rate the setup a nine out of ten.

Read full review

Dristi Kurre

Lead Information Security Analyst at a financial services firm with 10,001+ employees

I think Fortify Static Code Analyzer could be improved by updating the number of rule packs according to the latest vulnerabilities we find each year. We have updated to a version that is one less than the current latest version. It would be really helpful to include trending vulnerabilities and how to manage them. While it includes all the OWASP top factors, AI has come into the picture, so those updates should also be considered. I haven't thought much about additional features for improvement since I am using it daily. Most of our work revolves around scanning and providing the results, which sometimes feels like a crunch. However, I believe rule pack updates should be implemented. It feels easy to upgrade to the latest version as well.

Read full review

OpenText Static Application Security Testing mindshare

As of June 2025, the mindshare of OpenText Static Application Security Testing in the Static Code Analysis category stands at 11.7%, up from 10.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Static Code Analysis

PeerResearch reports based on OpenText Static Application Security Testing reviews

Type	Title	Date
Category	Static Code Analysis	Jun 19, 2025	Download
Product	Reviews, tips, and advice from real users	Jun 19, 2025	Download
Comparison	OpenText Static Application Security Testing vs Veracode	Jun 19, 2025	Download
Comparison	OpenText Static Application Security Testing vs Checkmarx One	Jun 19, 2025	Download
Comparison	OpenText Static Application Security Testing vs Mend.io	Jun 19, 2025	Download

Title	Rating	Mindshare	Recommending
Veracode	4.1	26.8%	90%	201 interviews Add to research
Mend.io	4.2	9.0%	96%	31 interviews Add to research

Valuable Features

OpenText Static Application Security Testing excels in flexibility, enabling seamless deployment in various DevOps contexts. Its robust code analysis identifies vulnerabilities, offering remediation guidance and minimizing false positives. The extensive language support spans both legacy and modern languages, ensuring secure coding practices. Its integration with IDEs and CI/CD pipelines enhances the software development lifecycle, allowing automation of security testing processes. Users value its user-friendly interface and comprehensive vulnerability tracking and reporting capabilities.

"My initial setup of Fortify Static Code Analyzer was good."
"We are satisfied with this solution."
"I recommend this product due to its good pricing, extensive language support, valuable features, and additional features like Fortify Academy."

Room for Improvement

OpenText Static Application Security Testing needs to enhance its language support and reduce false positives. It requires improved integration with IDEs and a simpler configuration process. The high memory usage and long scanning times for certain languages need optimization. Updates should occur more frequently, and the interface needs modernization. Its cost is a concern for smaller organizations, while integration with tools like Jira and Active Directory could be streamlined. Additionally, database compatibility and AI capabilities could be expanded.

"I have not seen a return on investment with Fortify Static Code Analyzer."
"I'm not sure if Fortify Static Code Analyzer has AI capabilities. Currently, this solution doesn't quite have what we need."
"The deployment of Fortify Static Code Analyzer needs to be simplified."

ROI

Organizations reported early identification of vulnerabilities saves costs in development. Members experienced a significant return ranging from ten to twenty times their initial investment. Continuous updates from OpenText introduced new features, enhancing its value. Assessors noted prevention of potential security breaches contributed to overall financial benefits, although some found it difficult to quantify. Others have seen no return but commended great communication and learning experiences with early vulnerability discovery saving costs in development.

Pricing

Enterprise users of OpenText Static Application Security Testing noted that its flexible licensing aligns with code-contributing developers and provides extensive access to the Fortify suite. However, the pricing is considered high, with some citing costs around $50K, making it suitable mainly for large organizations. Setup and customization may incur additional charges. While generally deemed expensive, some users appreciate the solution's robustness and find it competitive compared to other major market offerings.

"I rate the pricing of Fortify Static Code Analyzer as a seven out of ten since it is a bit expensive."
"The setup costs and pricing for Fortify may vary depending on the organization's needs and requirements."
"Although I am not responsible for the budget, Fortify SAST is expensive."

Popular Use Cases

Organizations primarily use OpenText Static Application Security Testing to identify vulnerabilities and security issues in software during the development cycle. It is integrated into build pipelines such as GitLab, Jenkins, and Azure DevOps to automate code scanning. The tool supports container images and various programming languages, ensuring comprehensive security checks. By conducting static analysis, it helps developers address vulnerabilities early, enhancing security throughout the software lifecycle.

Service and Support

OpenText Static Application Security Testing's customer service and support receive positive feedback. Users appreciate responsive customer service, proactive assistance, and dedicated premium support teams. Many highlight the assistance they receive as very satisfactory, although some suggest improvements in efficiency, such as live chat. While not all users engage directly with support, most find the help satisfactory and rate their interactions highly. Some experience delays with issues needing product enhancements, but technical support remains generally well-regarded.

Deployment

OpenText Static Application Security Testing's initial setup can range from simple to complex. Basic installations are straightforward, often as easy as deploying a VM. However, the enterprise version can be more challenging, requiring significant resources and time due to server and integration needs. Users noted the need for proper system configurations, database compatibility, and routine maintenance. Despite some complications, particularly in strict environments, users found setup manageable with available guides and support.

Scalability

OpenText Static Application Security Testing demonstrates considerable scalability, efficiently accommodating a wide range of users and project sizes. It integrates seamlessly with existing infrastructures and fits diverse organizational needs. Users mention exceptional performance when managing large codebases and multiple locations. Even though some users see room for improvement in expansion speed, the resource management features and integration capabilities help optimize development processes. Users often assign high importance to its scalability features.

Stability

OpenText Static Application Security Testing exhibits strong stability according to feedback. Users report minimal flaws post version 19.10, praising reliability without crashes or glitches. Performance can depend on hardware and network configurations. Those well-trained in Fortify SAST obtain better outcomes. The ease of use in deployment alongside satisfaction with security center results is noted. Ratings largely range between seven and ten out of ten, indicating consistent reliability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our OpenText Static Application Security Testing Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

29%

Computer Software Company

13%

Manufacturing Company

10%

Government

Real Estate/Law Firm

University

Energy/Utilities Company

Healthcare Company

Insurance Company

Educational Organization

Retailer

Comms Service Provider

Media Company

Transportation Company

Consumer Goods Company

Construction Company

Aerospace/Defense Firm

Legal Firm

Non Profit

Outsourcing Company

Marketing Services Firm

Hospitality Company

Performing Arts

Wholesaler/Distributor

Logistics Company

Compare OpenText Static Application Security Testing with alternative products

Learn more about OpenText Static Application Security Testing

OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of security issues. Users benefit from its easy setup, clear documentation, and centralized portal for managing security findings. Despite facing challenges like high costs and complex configurations for certain languages, its role in facilitating compliance and streamlining secure coding processes is indispensable. Improvements are needed in areas such as outdated design, language support, and integration capabilities to meet evolving user expectations.

What features does OpenText Static Application Security Testing offer?

Seamless IDE Integration: Integrates effortlessly with development environments for real-time feedback.
Comprehensive Language Support: Covers a wide range of programming languages, enhancing detection accuracy.
Centralized Security Portal: Provides a streamlined interface for managing vulnerabilities.

What benefits and ROI should users consider?

Enhanced Security: Identifies vulnerabilities early, preventing potential breaches.
Time Efficiency: Automates processes and speeds up remediation efforts.
Compliance Facilitation: Assists in adhering to security standards and regulations.

Organizations across diverse sectors implement OpenText Static Application Security Testing primarily to secure applications during development phases. Its integration with tools like GitLab, Jenkins, and Azure DevOps ensures a robust security pipeline. By combining with Sonatype Nexus, secure code, and library management is achieved effectively.

OpenText Static Application Security Testing was previously known as Fortify Static Code Analysis SAST.