Lead Information Security Analyst at a financial services firm with 10,001+ employees
Real User
Top 5
2025-05-29T08:40:51Z
May 29, 2025
My experience with the pricing, setup costs, and licensing has been good. We have the scan machines, and we are planning to request more from Micro Focus now. We have calls every month or every other month, and the Micro Focus team has been helping us set that up as well.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs. There are some features that require additional purchases, such as the SonarType integration.
There is a licensing fee, and if you bring them to the company and you want them to do the installation and the implementation in the beginning, there is a separate cost. Similarly, if you want consultation or training, there is a separate cost. I see it as suitable only for enterprises. I do not see it suitable for a small business or individual use. In the future, if they have other versions for smaller organizations or individuals who want to install it on their machines and use it, it would be good.
Learn what your peers think about OpenText Static Application Security Testing. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
It has a couple of license models. The one that we use most frequently is called their flexible deployment. We use this one because it is flexible and based on the number of code-contributing developers in the organization. It includes almost everything in the Fortify suite for one developer price. It gives access to not just the secure code analyzer (SCA) but also to FSC, the secure code. It gives us accessibility to scan central, which is the decentralized scanning farm. It also gives us access to the software security center, which is the vulnerability management platform.
OpenText Static Application Security Testing empowers teams with efficient vulnerability detection and streamlined secure coding practices, offering comprehensive language support and seamless integration with development tools.OpenText Static Application Security Testing enhances software security during development by accurately identifying vulnerabilities with minimal false positives. It integrates seamlessly with IDEs and CI/CD pipelines, making it highly efficient for early detection of...
My experience with the pricing, setup costs, and licensing has been good. We have the scan machines, and we are planning to request more from Micro Focus now. We have calls every month or every other month, and the Micro Focus team has been helping us set that up as well.
The pricing of Fortify Static Code Analyzer is good, with a flexible model that allows customers to choose a setup that suits their needs. There are some features that require additional purchases, such as the SonarType integration.
I rate the pricing of Fortify Static Code Analyzer as a seven out of ten since it is a bit expensive.
The setup costs and pricing for Fortify may vary depending on the organization's needs and requirements.
Their licensing is expensive.
There is a licensing fee, and if you bring them to the company and you want them to do the installation and the implementation in the beginning, there is a separate cost. Similarly, if you want consultation or training, there is a separate cost. I see it as suitable only for enterprises. I do not see it suitable for a small business or individual use. In the future, if they have other versions for smaller organizations or individuals who want to install it on their machines and use it, it would be good.
The licensing is expensive and is in the 50K range.
The price of Fortify Static Code Analyzer could be reduced.
The licensing is extremely expensive.
It has a couple of license models. The one that we use most frequently is called their flexible deployment. We use this one because it is flexible and based on the number of code-contributing developers in the organization. It includes almost everything in the Fortify suite for one developer price. It gives access to not just the secure code analyzer (SCA) but also to FSC, the secure code. It gives us accessibility to scan central, which is the decentralized scanning farm. It also gives us access to the software security center, which is the vulnerability management platform.