I have utilized Fortify's integration with development tools, specifically with GitLab and Jira. Development teams are getting a lot out of the flexible workflows because they did not have these kinds of tools before. They are getting automatic analysis because we configured the pipelines using Fortify and architected the process for automatic analysis. When the development team compiles the code and puts it in the repository, automatically we get the SAST analysis. When the SAST analysis is done and reaches the goal, we automatically trigger the WebInspect analysis, and when the WebInspect analysis is done and reaches the goal, we release the code for performance testing. I would rate this solution a ten out of ten.
I use ChatGPT and Google Cloud SQL. I use GitLab Premium solution and have used the DevOp solution. We don't use any Microsoft solutions currently, but we have security solutions including Fortify Software Security Center. I am both a reseller and user of Fortify Software Security Center. On a scale of 1-10, I rate Fortify Software Security Center an 8 out of 10.
I would recommend Fortify Software Security Center to other organizations. I am not satisfied with the percentage of false positives, which is around eighteen percent. However, I am waiting for the new version to improve this. I rate the overall solution an eight out of ten.
For those planning to use Software Security Center, I recommend it for deep analysis of vulnerability data. It provides reliable data with fewer false positives and customizable reports. The solution is highly customizable, highly scalable, and has become more accurate since the implementation of AI. The overall rating for this tool is ten out of ten.
Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities. It has a good collaboration function and is a centralized software solution. I rate it a nine out of ten.
Find out what your peers are saying about OpenText, Checkmarx, Invicti and others in Static Application Security Testing (SAST). Updated: January 2026.
Head Of Information Security at a tech services company with 51-200 employees
Real User
Aug 7, 2019
The biggest lesson that I have learned from this solution is that investing in R&D is not the only factor in a successful product. You have to invest in all factors, including after-sale support. I would rate this solution a seven out of ten.
SAST is a method designed to detect security vulnerabilities within an application's source code. By analyzing the code structure, SAST identifies potential flaws early in the development cycle, promoting secure coding practices and reducing the risk of security issues in production.
Unlike dynamic testing that examines an application during runtime, SAST operates on static code analysis. This early detection capability is crucial as it enables developers to address vulnerabilities before...
I have utilized Fortify's integration with development tools, specifically with GitLab and Jira. Development teams are getting a lot out of the flexible workflows because they did not have these kinds of tools before. They are getting automatic analysis because we configured the pipelines using Fortify and architected the process for automatic analysis. When the development team compiles the code and puts it in the repository, automatically we get the SAST analysis. When the SAST analysis is done and reaches the goal, we automatically trigger the WebInspect analysis, and when the WebInspect analysis is done and reaches the goal, we release the code for performance testing. I would rate this solution a ten out of ten.
I use ChatGPT and Google Cloud SQL. I use GitLab Premium solution and have used the DevOp solution. We don't use any Microsoft solutions currently, but we have security solutions including Fortify Software Security Center. I am both a reseller and user of Fortify Software Security Center. On a scale of 1-10, I rate Fortify Software Security Center an 8 out of 10.
I would recommend Fortify Software Security Center to other organizations. I am not satisfied with the percentage of false positives, which is around eighteen percent. However, I am waiting for the new version to improve this. I rate the overall solution an eight out of ten.
For those planning to use Software Security Center, I recommend it for deep analysis of vulnerability data. It provides reliable data with fewer false positives and customizable reports. The solution is highly customizable, highly scalable, and has become more accurate since the implementation of AI. The overall rating for this tool is ten out of ten.
Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities. It has a good collaboration function and is a centralized software solution. I rate it a nine out of ten.
I would rate the product an eight out of ten.
I would rate this solution a seven out of ten.
The biggest lesson that I have learned from this solution is that investing in R&D is not the only factor in a successful product. You have to invest in all factors, including after-sale support. I would rate this solution a seven out of ten.