AuditXYZ

OpenText (formerly Micro Focus)

Fortify (OpenText) Review 2026: Pricing, Features, and Verdict

7.3
Score
$20,000+ / per year7 Frameworks8 Integrations
Visit websiteCompare with…
VendorOpenText (formerly Micro Focus)
Websitewww.opentext.com/products/fortify
HQWaterloo, Canada
Founded2003
Employees5000+
Pricing$20,000+ / per year
Frameworks
soc-2iso-27001owasppci-dssnist-csfhipaacwe
Integrationsjenkins, azure-devops, github, gitlab, jira, servicenow, eclipse, visual-studio
G2 Rating4.1/5
Gartner Rating4.2/5

Framework Support

soc-2
iso-27001
owasp
pci-dss
nist-csf
hipaa
cwe

Fortify (OpenText) Review 2026

Fortify is one of the original enterprise application security testing platforms, now owned by OpenText (previously Micro Focus, originally HP). The platform provides SAST and DAST capabilities with a particular strength in on-premises deployment for organizations with strict data handling requirements.

What Fortify Does Well

On-premises deployment is a critical capability for government, defense, and financial organizations that cannot send source code to cloud-based scanning services. Fortify's on-premises option ensures sensitive code never leaves your controlled environment.

Analysis depth for SAST remains competitive with the best in the market. Fortify's static analysis engine performs thorough interprocedural, inter-file analysis across 30+ languages, catching complex vulnerability patterns.

Compliance reporting is well-suited for regulated industries. Fortify generates detailed reports mapped to OWASP, CWE, PCI DSS, and other standards, with evidence suitable for audit and regulatory review.

Where Fortify Falls Short

Developer experience lags behind modern tools. The interface, workflow integration, and feedback speed reflect the platform's enterprise heritage rather than modern DevSecOps expectations. Developers often find the tool cumbersome.

Ownership transitions from HP to Micro Focus to OpenText have created uncertainty about long-term product direction. Each transition brings integration questions and roadmap concerns.

Cloud-native capabilities are developing but not at the level of born-in-the-cloud competitors. Container scanning, IaC security, and cloud security posture management are not core strengths.

Pricing

Fortify pricing starts around $20,000/year and scales with application count and scanning frequency. On-premises licensing may differ from cloud-hosted options.

The Verdict

Fortify remains a solid choice for organizations that require on-premises application security scanning with deep analysis. Modern development teams seeking cloud-native, developer-friendly tooling should evaluate alternatives.

Need soc-2 help?

By submitting, you agree to our privacy policy.

Compare Fortify (OpenText) Review 2026: Pricing, Features, and Verdict with alternatives

See how Fortify (OpenText) Review 2026: Pricing, Features, and Verdict stacks up against other tools in side-by-side comparisons.

Compare now

More security compliance devsecops tools

Anecdotes Review 2026: Pricing, Features, and Verdict
81
Review of Anecdotes, a compliance OS that aggregates security tool data. Covers the aggregation approach, AI gap analysis, and comparison with Vanta.
View
Aqua Security Review 2026: Pricing, Features, and Verdict
78
Review of Aqua Security, the cloud-native security platform for containers and Kubernetes. Covers image scanning, runtime protection, SBOM, and pricing.
View
Black Duck (Synopsys) Review 2026: Pricing, Features, and Verdict
75
Review of Black Duck by Synopsys, the SCA and open-source governance platform. Covers vulnerability database, license compliance, binary analysis, and pricing.
View
Checkmarx Review 2026: Pricing, Features, and Verdict
78
Review of Checkmarx, the application security and ASPM platform. Covers SAST, SCA, API security, supply chain security, pricing, and alternatives.
View