SCA in Development
The Fortify Source Code Analyzer (SCA) examines every line of code and every program path to identify hundreds of different types of potentially exploitable vulnerabilities early in the development lifecycle, when they're cheapest to fix.
SCA is comprehensive in the vulnerabilities it finds and complete in what it analyzes. Its analyzers and patented X-Tier™ Dataflow analysis (patent #7207065) detect a breadth of issues at a depth unmatched by other technologies. Its analyzers are guided by the largest and most comprehensive set of secure coding rules, which are continually updated by the experts in the Fortify Security Research Group. SCA identifies more than 200 vulnerability categories.
The sophisticated engines and precise secure coding rules in SCA deliver ranked and categorized issues with a very low false positive rate. In addition, because no two applications have the same risk profile or are built the same way, SCA enables organizations to further tune the analysis to accommodate a particular application, component or Web service.
SCA is designed to fit into your organization. It can scale from daily builds to full-scale audits of millions of lines of code and supports a wide array of languages, platforms, build environments and integrated development environments (IDEs). Its level of analysis can be tuned for individuals or groups with different objectives. For applications that require unique rules, SCA provides an easy-to-use Rules Builder for customized analysis.