Fortify Static Code Analyzer


Fortify Static Code Analyzer supports 27+ major languages and their frameworks and comes with flexible deployment options.

3 min read

fortify static code analyzer

What is Fortify Static Code Analyzer?

Fortify Static Code Analyzer is the static application security testing tool in the MicroFocus application security suite.

Fortify SCA detects 815 unique categories of vulnerabilities across 27 programming languages and spans over one million individual APIs.

Fortify SCA

What languages Fortify SCA supports?

It supports application written in ABAP/BSP, ActionScript, Apex, ASP.NET, C# (.NET), C/C++, Classic, ASP (with VBScript), COBOL, ColdFusion CFML, Go, HTML, Java (including Android), JavaScript/AJAX, JSP, Kotlin, MXML (Flex), Objective C/C++, PHP,
PL/SQL, Python, Ruby, Swift, T-SQL, VB.NET, VBScript, Visual Basic, and XML.

please share your experiences with Fortify Static Code Analyzer.


Or maybe you have a question.


Either way, let me know by leaving a comment below right now.

On this page:

3 Responses

  1. I would like to use fortify in my organization for rust code. We are able to use it with sonarqube using a plugin but I would like to expand to using fortify as well. I would like to know if there is any work being done on this or if there is a workaround that we could use.

    1. Thank you for your interest Fortify! While we don’t support static analysis of Rust currently, it’s one of the top languages we’re considering for future support. We’re actively monitoring demand amongst our customers and the market in general, and we’re always happy to engage in a deeper conversation. Just reach out to our support and/or account team.

Leave a Reply

Your email address will not be published. Required fields are marked *