fitgap

OpenText Static Application Security Testing

Pricing from: Contact the product provider
Free Trial
Free version unavailable
User corporate size: Small, Medium, Large
User industry:
  1. Public sector and nonprofit organizations
  2. Healthcare and life sciences
  3. Banking and insurance

What is OpenText Static Application Security Testing

OpenText Static Application Security Testing is a static analysis product used to identify security vulnerabilities and coding weaknesses in source code during development. It is typically used by application security teams and development teams to enforce secure coding standards and to gate builds in CI/CD pipelines. The product focuses on security-focused rule sets, policy management, and reporting to support remediation workflows and compliance needs.

Pros

Security-focused static analysis

The product is designed specifically for finding security vulnerabilities in code rather than general code quality issues. It supports security-oriented rules and findings that map to common vulnerability classes used in application security programs. This makes it suitable for AppSec teams that need consistent security findings across large codebases.

CI/CD and DevSecOps fit

It is commonly deployed as part of DevSecOps practices where scans run automatically during builds and pull/merge requests. This supports earlier detection of issues and enables teams to set policies for pass/fail thresholds. The approach aligns with organizations that want security checks integrated into developer workflows.

Enterprise governance and reporting

The product supports centralized reporting and governance features that help security teams manage findings across multiple applications. This is useful for tracking remediation progress, audit evidence, and program-level metrics. It fits environments where standardized security controls and oversight are required across many teams.

Cons

Tuning and triage overhead

Like many SAST tools, results often require tuning to reduce noise and to align rules with the organization’s coding patterns. Teams may need dedicated time for triage, suppression management, and rule configuration. Without this operational effort, developers can experience alert fatigue and slower adoption.

Limited runtime context

Static analysis evaluates code without executing it, so it may miss issues that depend on runtime configuration, data, or environment behavior. It can also flag findings that are not exploitable in the deployed context. Many organizations still pair SAST with complementary testing approaches to improve coverage.

Adoption complexity in large orgs

Rolling out SAST across many repositories typically requires integration work with build systems, identity/access controls, and SDLC processes. Policy design (what to block vs. warn) can be contentious and may slow initial rollout. Organizations with heterogeneous tech stacks may need phased onboarding and ongoing maintenance.

Plan & Pricing

Plan: OpenText Static Application Security Testing (Fortify) — (SaaS: OpenText Core Application Security / Fortify On Demand; On-premises; Private hosted; Managed services)
Price: Custom pricing — contact OpenText sales
Key features & notes: Pricing not published on OpenText site. Deployment and licensing options include SaaS (OpenText Core Application Security/Fortify On Demand), on-premises/off-cloud, and managed/hosted options. A 15-day free trial is offered for the Core Application Security (Fortify On Demand) service (no credit card required).

Seller details

OpenText Corporation
Waterloo, Ontario, Canada
1991
Public
https://www.opentext.com/
https://x.com/OpenText
https://www.linkedin.com/company/opentext/

Tools by OpenText Corporation

OpenText Application Quality Management
OpenText Functional Testing
OpenText Professional Performance Engineering
OpenText Functional Testing for Developers
OpenText Functional Testing Lab for Mobile and Web
OpenText AppWorks Platform
OpenText LoadRunner Enterprise
OpenText Deployment Automation 25.2
OpenText AccuRev
OpenText Universal Discovery & Universal CMDB (UD/UCMDB)
OpenText ZENworks Configuration Management
OpenText Operations Bridge (OpsBridge)
OpenText Core Performance Engineering
OpenText Silk Performer
OpenText Service Virtualization
Ext JS
OpenText Project and Portfolio Management (PPM)
OpenText Vertica
OpenText PlateSpin Migrate
OpenText Migrate

Best OpenText Static Application Security Testing alternatives

GitLab
Contrast Security
Checkmarx
Semgrep