Build securely at speed with enterprise application security

Ship secure software—faster, smarter, and without compromise
94% of users agree that OpenText helps them improve their application security program.* See what it can do for yours
IDC report
Protecting Your Innovation: Critical Knowledge for Secure GenAI in AppSec
*Verified by UserEvidence
Gartner, Magic Quadrant for Application Security Testing, by Mark Horvath, Dale Gardner, Manjunath Bhat, Ravisha Chugh, Angela Zhao, 30 April 2024.
Gartner, Voice of the Customer for Application Security Testing, by Peer Contributors, 27 September 2024.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Shift left without slowing down
Scalability
Scale AppSec with automation
Say goodbye to cumbersome AppSec scaling. Using automation, you can scale from one to hundreds—or even thousands—of apps with a partner and ecosystem you can trust.
DevSecOps
Easily integrate AppSec
Our solutions integrate AppSec right into your development toolchain, delivering top-quality findings and auto remediation advice at every stage. Achieve secure code at speed—without any trade-offs.
Public sector
Get easy, cost-effective testing
OpenText is the only enterprise application security vendor that operates on AWS GovCloud, is JAB-certified, and is FedRAMP-authorized.
Generative AI
Harness AI-powered AppSec
Accelerate auditing and remediation with AI-powered code-fix suggestions. Drastically reduce the time developers spend on code security issues.
Code security customer success
Using Fortify as part of our CI/CD pipeline has resulted in a marked reduction in vulnerabilities.
Roman Belikow
Security Engineer, DATEV

Explore our code security products
Application security
Empower developers with trusted, reimagined application security
OpenText™ Core Software Composition Analysis
Take full control of open source security, compliance, and health
OpenText™ Fortify™ Aviator
Secure smarter, not harder with AI code analysis and code fix suggestions
OpenText™ Fortify™ On Demand
Unlock security testing, vulnerability management, and tailored expertise and support
OpenText™ Fortify™ Static Code Analyzer
Find and fix security issues early with the most accurate results in the industry
Frequently asked questions
OpenText SAST helps organizations identify and fix vulnerabilities in source code early in the SDLC. Key capabilities include:
• Broad language coverage: Supports 33+ languages and 1,400+ vulnerability categories.
• ScanCentral SAST: Enables scalable, distributed scanning in CI/CD pipelines.
• OpenText™ Application Security Aviator™ (AI-powered): Uses LLMs for automated issue auditing, English-language explanations, and remediation code suggestions.
• Audit assistant: Machine learning classifier that reduces false positives from prior scan patterns.
• Developer-centric integration: Integrated into IDEs, DevOps pipelines, and dashboards for shift-left adoption.
OpenText DAST helps secure running web applications by simulating real-world attacks. Highlights include:
• ScanCentral DAST: Provides centralized, scalable DAST automation, including API and macro-driven workflows.
• SecureBase engine: Updated frequently via SmartUpdate to cover new attack vectors.
• IAST capabilities: Optional integration for runtime visibility to reduce false positives.
• Authentication support: OAuth2, client certificates, SSO, and session macros for authenticated scans.
• Workflow integration: Supports DevOps pipelines and software security dashboards.
OpenText SCA identifies open-source risks, licensing issues, and outdated components. It’s designed to fit into modern development environments:
• Integrated SCA scanning: Detects vulnerabilities, misconfigurations, and license issues across APIs, containers, and mobile apps.
• OpenText Core Open Source Select: Helps developers choose secure, compliant components from the start.
• Advanced Legal Pack (OEM): Adds enhanced legal risk visibility and compliance features.
• Continuous monitoring: Offers visibility into risk posture over time.
• Flexible deployment: Supports both SaaS and self-hosted options.
OpenText offers full deployment flexibility:
• SaaS: Public cloud with FedRAMP-authorized options for US government.
• Private cloud: Single-tenant environments for regulated industries.
• On-premises: Full control, including Iron Bank-approved builds.
• All models support hybrid or multi-cloud DevSecOps environments.
Application Security Aviator is OpenText’s generative AI engine for application security. It automates issue triage, delivers English-language justifications, and provides copy-pastable fixes. It supports SAST today and is expanding to DAST and other AppSec workflows in future releases.
The OpenText AST platform integrates with:
• Developer tools (IDEs, source control)
• CI/CD tools (Jenkins, GitLab, Azure DevOps)
• Ticketing (Jira, ServiceNow)
• Risk and compliance systems (ITSM, GRC)
• Secure Code Warrior for developer training
• API-level extensibility for custom workflows
OpenText combines decades of security expertise with modern DevSecOps capabilities. Key differentiators include:
• Enterprise-grade coverage (SAST, DAST, SCA)
• AI-powered automation via Aviator
• ASPM-enabling analytics and dashboards
• Developer-first integrations and shift-left design
• OEM enhancements from partners like Sonatype and Secure Code Warrior