Why static analysis?

Static testing helps organizations identify security vulnerabilities early in the software development lifecycle, when issues are easiest and least expensive to fix. HP Fortify Static Code Analyzer offers comprehensive vulnerability discovery early in the software development lifecycle and provides immediate feedback to developers and security professionals on issues introduced into code during development so they can begin their remediation effort.

  • Verify your code

    Reduce business risk by identifying and removing exploitable issues in your applications that pose the biggest threat to your business. 

  • Fits into your Development Environment

    HP Fortify SCA supports a wide variety of development environments, with over 22 programming languages, 669+ unique vulnerability categories, 825k component-level APIs, multiple platforms, frameworks and IDEs, to enable security reviews in mixed development and production environments.

  • Most accurate in the market

    HP Fortify SCA provides accurate results and detects a breadth of issues. It categorizes and prioritizes vulnerabilities and provides a detailed action plan. Fortify SCA is guided by the largest and most complete set of security coding rules that are updated by HP's Fortify Software Security Research Group.

“Fortify helps us find and remediate security vulnerabilities in Vital Images medical imaging software before they go to market. It is directly responsible for an improvement to the security posture of our software.”

 — Tim Dawson, Senior Director, Software Engineering, Vital Images

 

“HP Fortify has helped us to establish secure development practices based on its analysis of our software security architecture and application code. We will continue to use HP Fortify software to test all of our software throughout its lifecycle to ensure it is secure at all times.”

— Luc Porchon, Banking Applications Project Manager, Parkeon

Benefits: It’s time to transform your application security program

HP Fortify Static Code Analyzer helps to ensure that the software that runs your business is protected and secure. Fortify SCA automates your static testing process and enables your organization to be proactive in securing applications across your enterprise. Building a repeatable process, prioritizing vulnerabilities by criticality, and having a remediation plan will increase development productivity, streamline your security review processes, and lay the foundation for secure coding best practices.

Comprehensive coverage for any Application

HP Fortify SCA supports 22+ programming languages, 825,000+ component-level APIs, 669+ unique vulnerability categories, and major platforms, build environments and IDEs. It helps identify risk in all types of applications, maintains the security integrity of applications, and scales with the growing demands of your business.

Manage actionable results

HP Fortify SCA provides reports that enable development and security teams to quickly organize, investigate, and prioritize analysis results, so critical vulnerabilities that pose the biggest risk to your organization can be remediated quickly.

Collaborate across teams

Building secure code is a team effort between Development, QA, Security Teams and Management. It involves communication, collaboration and a commitment to improve the security posture of the organization. HP Fortify SCA's web-based collaboration capabilities provide a shared workspace and repository to communicate and work together on code reviews and remediation activities.

Prioritization

It's important to prioritize results by vulnerability impact and likelihood of exposure. HP Fortify SCA will prioritize vulnerabilities by severity and importance, provide a detailed action plan, and deliver risk-ranked and categorized issues so developers can address critical vulnerabilities first.

Why HP?

HP Fortify, the most broadly adopted SAST tool in the market, continues to deliver compelling innovations with DAST, IAST and RASP technologies.

HP Fortify: Leader in 2015 Gartner Magic Quadrant for Application Security Testing

HP Fortify continues its unbroken streak of leadership in every application security MQ ever issued. Once again, Gartner has positioned HP as a leader.

  • Gartner has named Fortify a leader in every Magic Quadrant for Application Security Testing they have ever produced. And the trend continues in 2015.
  • HP Fortify, the most broadly adopted SAST tool in the market, continues to deliver compelling innovations with IAST and RASP technologies.
  • Get the report. To learn more about HP Application Security, visit hp.com/go/fortify.
     

According to Gartner, leaders in the AST (Application Security Testing) market demonstrate breadth and depth of AST products and services. Leaders should provide mature, reputable SAST, DAST and, desirably, IAST techniques in their solutions. Leaders also should provide organizations with AST-as-a-service delivery models for testing, or with a choice of a tool and AST as a service, using a single management console and an enterprise-class reporting framework supporting multiple users, groups and roles. In addition, Leaders should provide capabilities for testing mobile applications.

More information about the entire portfolio of HP Enterprise Security Products is available at hpenterprisesecurity.com. In addition, HP Security Research delivers actionable security intelligence to the product portfolio while providing insight into the future of security and the most critical threats facing organizations today.