Fortify Static Code Analyzer Primary Use Case
reviewer2317233
Vice President, Cybersecurity at a financial services firm with 10,001+ employees
We manage the overall software development security organization, encompassing assistance to all developers across our organization worldwide. Our 10,000 developers help identify vulnerabilities in their code. We use Fortify Static Code Analyzer to explore methods to expedite vulnerability detection and remediation through a self-service pipeline.
Initially, we utilized Just Cloud, but subsequently, we developed our on-premises tools over the ensuing year. This resulted in substantial cost savings, as on-premises security solutions are generally more economical than their cloud-based counterparts.
Jumani Blango
Adjunct at University of Maryland
We use the product as a SaaS analysis tool. We review static code. It allows you to find vulnerabilities.
The value of combining Fortify and Sonatype is that we use Fortify as a SaaS analysis tool. We review static code, and Sonatype allows you to find vulnerabilities.
I use it as a security center. I review it for any kind of issues, whether to prove or to deny the source code findings, and then the enterprise can go back and provide their recommendation for how to fix the issue. It is used to scan the code base.
Fortify SAST performs static code analysis, which means it reviews the source code or compiled binary code without executing the application. This helps in identifying vulnerabilities, coding errors, and security issues within the codebase.
Fortify SAST supports a wide range of programming languages, including popular ones like Java, C/C++, C#, Python, and more. This broad language support makes it suitable for various development environments.
It comes with a comprehensive set of security rules and patterns to identify vulnerabilities, including issues related to OWASP Top Ten, CWE (Common Weakness Enumeration), and other industry standards.
Buyer's Guide
Fortify Static Code Analyzer
May 2024
Learn what your peers think about Fortify Static Code Analyzer. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
770,292 professionals have used our research since 2012.
Amal Alshehri
Sr cyber analyst at an energy/utilities company with 10,001+ employees
We use Fortify SCA or SAST for scanning the source code, and we use Sonatype Nexus to scan libraries for any vulnerabilities. We get secure code and libraries by combining these two solutions. If we find any issues, we can fix them.
Vincenzo Fioravanti
Software analyst at a financial services firm
We use Fortify Static Code Analyzer and Sonatype in conjunction with Azure DevOps to view all code processes, from scheduling to deployment in production. This is typically included in the build. Therefore, when a colleague performs a build, all scans are automatically done, and they can see the results through the Fortify and Sonatype web portals.
Fortify Static Code Analyzer enables developers to identify and fix broken references within the code. We sought to understand how to write secure code by design.
We're consultants and it supports our primary banking group in Italy in terms of cybersecurity strategies.
Due to the mandatory use of Sonatype within the Italian banking industry, we rely on both Fortify and Sonatype to conduct a comprehensive analysis of the implemented code.
reviewer2322627
Security DevOps Engineer at a legal firm with 1-10 employees
We maintain several applications that utilize a mix of custom PHP packages and native functionality. When a package becomes outdated or a security vulnerability emerges within one, our lifecycle management system flags the issue and assigns a threat level of critical, high, or moderate. We prioritize mitigation based on severity, addressing critical issues first. Additionally, we've integrated Fortify on Demand into our build pipeline. This tool scans our codebase for static vulnerabilities as new code is built and performs dynamic scans for potential runtime issues once builds are deployed.
We implemented Fortify Static Code Analyzer to ensure our platform meets security standards, stays up-to-date with threats, and streamlines security remediation.
Renee Speight
Code Reviewer at HQ USMEPCOM
I make use of this solution every day in my current position. I have experience in its installation and troubleshooting and always ensure I am up to date with their latest releases.
We use this solution to run and scan SQL code.
Fortify Static Code Analyzer is used for scanning the container image, such as Kubernetes or Docker, and its main role is to do the static security analysis.
David Alaga
Sr DevOps Engineer at incatech
We usually run the product through GitLab CI/CD or Jenkins pipelines. I'm currently experimenting with AWS CodePipeline, integrating those types of tools into the pipeline.
Tom Haakma
Director of Security at Merito
I work for a company that implements these solutions for customers. So, we've got it everywhere. I've done implementations that are very simple and are developer workstation-based or security analyst desktop-based. We also have implementations all the way up through their big kahuna, which is decentralized and automated scanning.
We use the tool for web-based applications.