Fortify Static Code Analyzer

The earlier you find security flaws during development, the less disruptive they are to fix. To be effective, source code analysis must be more than thorough and accurate. It should also give you actionable insight into the root causes of security problems and help you prioritize which vulnerabilities to address first.

The Fortify Static Code Analyzer (SCA) in Fortify Software Security Center helps you meet all of these needs. It uses Fortify’s award-winning static analysis to provide the most far-reaching vulnerability detection in source code available today. It delivers key functionality required for an effective Software Security Assurance (SSA) program.

With Fortify SCA, you can pinpoint root causes of security vulnerabilities in source code, receive prioritized results sorted by severity of risk, and get guidance on how to fix vulnerabilities in line-of-code detail. As a result, you can ensure your software is trustworthy, reduce the costs of finding and fixing application vulnerabilities, and establish the foundation for secure coding best practices.

Fortify Static Code Analyzer Features

Fortify SCA provides root-cause vulnerability detection through the most comprehensive set of secure coding rules available and supports the widest array of languages, platforms, build environments (Integrated Development Environments, or IDEs) and software component APIs.

  • Conduct static analysis to pinpoint root causes of security vulnerabilities in source code
  • Detect more than 480 types of software security vulnerabilities across 20 development languages—the most in the industry
  • Receive prioritized results sorted by severity of risk and guidance on how to fix vulnerabilities in line-of-code detail
  • Ensure compliance with application security mandates