OpenText Fortify Static Code Analyzer

OpenText Fortify Static Code Analyzer

OpenText From Canada

OpenTextโ„ข Fortify Static Code Analyzer effectively identifies and addresses security vulnerabilities in source code by locating their root causes and prioritizing the most critical issues. It supports 1,657 vulnerability categories across over 33 programming languages, enabling developers to minimize false positives and integrate security seamlessly into their existing workflows.

Top OpenText Fortify Static Code Analyzer Alternatives

StackScan

StackScan

Find and compile website lists based on the technology stacks they use, covering 50,000+ technologies across 105 million domains.

StackScan Pte Ltd
COBOL Analyzer

COBOL Analyzer

The COBOL Analyzer empowers developers to continuously assess their code during local changes, ensuring quality before committing to source control. Utilizing a relational database for centralized application data, it offers intuitive visualizations and a pre-built query library, helping identify affected code efficiently and enhancing overall application visibility for stakeholders.

OpenText From Canada
Polyspace Code Prover

Polyspace Code Prover

Polyspace Code Prover is a static analysis tool that ensures the absence of critical runtime errors in C and C++ code without executing it. By employing formal methods, it examines all code paths to detect potential issues such as overflows and divide-by-zero errors, while also providing insights into variable ranges and unreachable code. It adheres to safety standards like IEC 61508 and ISO 26262, making it essential for industries that demand stringent software certification.

MathWorks From United States
Axivion Static Code Analysis

Axivion Static Code Analysis

Axivion Static Code Analysis is a robust static code analysis tool designed for C and C++ developers. It automates compliance checks with coding standards such as MISRA C and CERT, identifying vulnerabilities, dead code, and metric violations. Its features ensure high-quality code, supporting safe software development through rigorous architecture verification and real-time feedback.

Qt Group From Finland
Qodana

Qodana

Qodana is a powerful static code analysis tool that enhances code quality within CI pipelines. By incorporating JetBrains IDE inspections, it guides development teams in producing secure, maintainable, and readable code. With automatic fix suggestions and seamless integration into existing workflows, Qodana supports open-source projects without unexpected costs.

JetBrains From Czech Republic
ESLint

ESLint

ESLint is a powerful static code analysis tool that identifies and resolves issues in JavaScript code, whether in the browser or server-side. With extensive customization options, developers can configure built-in and custom rules to enforce coding standards effectively. The integration with text editors and continuous integration pipelines enhances productivity by automating problem detection and resolution.

Eslint From United States
Jedi

Jedi

Jedi is a sophisticated static analysis tool for Python, primarily integrated into IDEs and editor plugins. It excels in autocompletion and "goto" functionality, while also offering robust features like code refactoring and reference searching. With a straightforward API and a VIM plugin implementation, it ensures seamless integration and reliable performance in coding environments.

pyFBS From Slovenia
Coverity Static Analysis

Coverity Static Analysis

Coverity Static Analysis enables developers and security teams to identify and resolve code quality and security defects across extensive codebases. By supporting standards like OWASP Top 10 and CWE Top 25, it provides actionable insights through built-in reports. The Code Sightโ„ข IDE plugin delivers real-time results and remediation guidance directly in development environments, enhancing security integration while maintaining workflow efficiency.

Black Duck From United States
PMD

PMD

PMD serves as a robust source code analyzer that identifies prevalent programming issues such as unused variables, empty catch blocks, and unnecessary object creation. With support for languages like Salesforce.com Apex, Java, and JavaScript, it enhances code quality. Additionally, its CPD feature detects duplicate code across various programming languages, promoting cleaner, more efficient coding practices.

Android And Me
beSOURCE

beSOURCE

beSOURCE transforms code security by seamlessly integrating SecOps into DevOps. This solution employs advanced static application security testing (SAST) to evaluate the security quality of applications, ensuring alignment with relevant standards. By addressing vulnerabilities from multiple angles, it empowers organizations to enhance their software development lifecycle while maintaining robust security measures.

Beyond Security (Fortra) From United States
CodeQL

CodeQL

CodeQL empowers developers to uncover vulnerabilities within a codebase through its sophisticated semantic analysis capabilities. By querying code as data, users can identify and eliminate vulnerability variants. With its integration in Visual Studio Code, CodeQL facilitates the creation of databases for OSI-approved projects, enhancing both security and collaborative efforts in the open-source community.

GitHub From United States
PHPStan

PHPStan

PHPStan is an open-source static analysis tool designed to identify bugs in PHP code without requiring tests. By scanning entire codebases, it uncovers both obvious errors and subtle issues in rarely executed statements. It supports legacy code, integrates seamlessly into CI pipelines, and offers gradual rule levels for manageable improvements. With advanced PHP feature support and extensions for popular frameworks, PHPStan empowers developers to enhance their code quality effectively and efficiently.

From United States
Checkstyle

Checkstyle

Checkstyle is a versatile development tool designed for Java programmers to ensure their code aligns with established coding standards. It natively supports the Google Java Style Guide and Sun Code Conventions, while offering extensive configurability. Developers can utilize it through ANT tasks or command line interfaces, promoting best practices in coding.

GitHub From United States
CodePatrol

CodePatrol

Automated code reviews through CodePatrol enhance project security by performing robust SAST scans to uncover vulnerabilities early in development. It utilizes multiple scanning engines to deliver precise analysis across various programming languages, while automated alerts keep teams informed of emerging threats, ensuring timely remediation of identified flaws.

Claranet From United States
Brakeman

Brakeman

Brakeman is a static code analysis tool tailored for Ruby on Rails applications, enabling developers to identify security vulnerabilities directly within their source code. With its latest enhancements, including the adoption of the Prism parser, Brakeman streamlines scanning processes and improves performance. It offers precise warnings on potential security issues, ensuring robust protection throughout the development lifecycle.

1 vote
Splint

Splint

Splint is a specialized tool designed for the static analysis of C programs, targeting security vulnerabilities and coding errors. With minimal setup, it enhances the capabilities of traditional lint tools. By incorporating annotations, users can enable Splint to conduct more rigorous checks, identifying issues more effectively than standard linting solutions.

University of Virginia From United States

Company Information

  • Company: OpenText
  • Country: Canada

Top OpenText Fortify Static Code Analyzer Features

  • Root cause analysis of vulnerabilities
  • Prioritization of security issues
  • Detailed remediation guidance
  • Centralized security management
  • Accurate vulnerability detection
  • Support for 1
  • 657 vulnerability categories
  • Multi-language support
  • Integration with development tools
  • Tuning scan depth options
  • Minimization of false positives
  • Dynamic scaling of scans
  • CI/CD pipeline compatibility
  • Comprehensive shift-left security
  • Coverage for cloud-native applications
  • Support for Infrastructure as Code
  • Serverless application security
  • Customizable reporting features
  • Automated issue tracking
  • Historical trend analysis
  • Continuous security assessment.