We use Fortify Static Code Analyzer to analyze our code for security vulnerabilities. It helps us identify and address potential issues, ensuring our software is secure.
Our primary use case for this solution is to analyze the security of our software applications during the development cycle. We use it to identify vulnerabilities and potential security issues before deploying the applications into production. Our environment comprises various software development projects, ranging from web applications to internal tools.
We maintain several applications that utilize a mix of custom PHP packages and native functionality. When a package becomes outdated or a security vulnerability emerges within one, our lifecycle management system flags the issue and assigns a threat level of critical, high, or moderate. We prioritize mitigation based on severity, addressing critical issues first. Additionally, we've integrated Fortify on Demand into our build pipeline. This tool scans our codebase for static vulnerabilities as new code is built and performs dynamic scans for potential runtime issues once builds are deployed. We implemented Fortify Static Code Analyzer to ensure our platform meets security standards, stays up-to-date with threats, and streamlines security remediation.
We use the product as a SaaS analysis tool. We review static code. It allows you to find vulnerabilities. The value of combining Fortify and Sonatype is that we use Fortify as a SaaS analysis tool. We review static code, and Sonatype allows you to find vulnerabilities. I use it as a security center. I review it for any kind of issues, whether for proof or to deny, the source code, the findings, and then the enterprise can go back and provide their recommendation for how to fix the issue. It is used to scan the code base.
Sr cyber analyst at an energy/utilities company with 10,001+ employees
Oct 17, 2023
We use Fortify SCA or SAST for scanning the source code, and we use Sonatype Nexus to scan libraries for any vulnerabilities. We get secure code and libraries by combining these two solutions. If we find any issues, we can fix them.
Vice President Application Security North America at BNP Paribas
Aug 25, 2023
Fortify SAST performs static code analysis, which means it reviews the source code or compiled binary code without executing the application. This helps in identifying vulnerabilities, coding errors, and security issues within the codebase. Fortify SAST supports a wide range of programming languages, including popular ones like Java, C/C++, C#, Python, and more. This broad language support makes it suitable for various development environments. It comes with a comprehensive set of security rules and patterns to identify vulnerabilities, including issues related to the OWASP Top Ten, CWE (Common Weakness Enumeration), and other industry standards.
I make use of this solution every day in my current position. I have experience in its installation and troubleshooting and always ensure I am up to date with their latest releases. We use this solution to run and scan SQL code.
Senior Architect at a healthcare company with 10,001+ employees
Apr 10, 2022
Fortify Static Code Analyzer is used for scanning the container image, such as Kubernetes or Docker, and its main role is to do the static security analysis.
We usually run the product through pipelines, such as GitLab CI/CD or Jenkins pipelines. I'm currently experimenting with AWS CodePipeline, integrating those types of tools into the pipeline.
I work for a company that implements these solutions for customers. So, we've got it everywhere. I've done implementations that are very simple and are developer workstation-based or security analyst desktop-based. We also have implementations all the way up through their big kahuna, which is decentralized and automated scanning.
Fortify Static Code Analyzer (SCA) utilizes numerous algorithms in addition to a dynamic intelligence base of secure coding protocols to investigate an application’s source code for any potential risk of malicious or dangerous threats. Additionally, the solution will prioritize the most critical concerns and give direction on how users can repair those concerns. This solution researches each and every potential route that workflow and data can travel to discover and repair all possible...
We use the tool for web-based applications.