The right way to support your favorite programming language for AppSec testing

Frequent Contributor.
Frequent Contributor.
0 0 1,038

In our previous blog, “3 Steps to Get Developers Involved in Security Testing,” we outlined three easy steps to “move application security to the left” and help developers prevent or fix security vulnerabilities in their source code, and we highlighted the Micro Focus Fortify features that support this movement. You and your developers might now be wondering if Fortify supports the programming languages you use. In short, the answer is “Yes!” Fortify understands that deep, comprehensive language support is a key differentiator in the application security (AppSec) testing process.

Fortify is recognized as the market leader in Application Security Testing by analyst and customer communities, receiving high praise for our source code language support. Today, Fortify supports 26 of the most popular programming languages, which means your developers don’t have to abandon their favorite programming languages to get the benefits that Fortify offers.


Fortify is in the business of finding and helping you fix security vulnerabilities regardless of which popular programming language your developers choose to use. For each supported language, we apply a rigorous process to ensure the same high level of coverage in your security scan results. We do this in two ways:

  1. A translator for each language. We recognize that every programming language is unique. With Fortify, we build a translator for each programming language we support. The translator builds an intermediate model that works with our backend engine. The process of building a translator for each language takes more effort and requires us to have a more detailed understanding of the language, but it ensures that we capture the nuances of each programming language that would not be possible with a universal, one-size-fits-all approach. Additionally, for select languages, we leverage a compiler. And in some cases, as in our recent support of Scala, we partner with the developer of the language compiler to tightly integrate and fully ensure the depth of the language's nuances.
  2. The most comprehensive rules in the industry. We apply rules developed by the Micro Focus Software Security Research (SSR) team, a group of industry-recognized leaders in application security. Members of the SSR team continuously research the latest developments and trends in application security, contribute their findings to the security community, and apply their learnings in the rules that Fortify uses to scan for vulnerabilities in source code. To date, Fortify and the SSR team have identified an impressive 970 unique categories of vulnerabilities.

With Fortify, we made the investment decision to develop a specific translator for each language and to develop the most current and robust security rules for each language because it provides the most comprehensive and fastest scan results for you, our customers.

Gartner recognizes Fortify as the leader in application security for the breadth and depth of our solutions. And perhaps more importantly, Fortify customers have benefited from our proven approach. Today, Fortify customers use multiple programming languages. They are leaders in their industries, and include:

  • 10 out of 10 of the largest information technology companies
  • 9 out of 10 of the largest banks
  • 5 out of 5 of the largest telecommunication companies
  • 4 out of 5 of the largest pharmaceutical companies
  • 3 out of 3 of the largest independent software vendors

What does all of this mean for you and your organization? Our rigorous approach means you can have complete confidence and peace of mind in identifying, fixing, and preventing security vulnerabilities in your applications, regardless of the programming language you use.

Learn more at Fortify Application Security Solutions.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.