OpenText Application Security 25.2.0: Enterprise SDLC Strategic Impact
OpenText December 27, 2025 By Chris Carpenter
OpenText Fortify 25.2.0 strengthens cryptography with SHA256, modernizes Kubernetes/ARM/OpenAPI 3 deployments, reduces SAST/DAST noise, and enforces deprecations, improving SDLC governance, automation, and risk management.
INTRODUCTION: GOVERNANCE, PERFORMANCE, AND MODERNIZATION
OpenText Application Security 25.2.0 (Fortify) focuses on strengthening cryptography, modernizing APIs and deployments, reducing operational noise, and nudging enterprises off fragile legacy integrations. For CIOs, CISOs, and SDLC leaders, this release is about improving risk posture, CI/CD efficiency, and long-term platform strategy.
STRONGER LICENSE & INFRASTRUCTURE SECURITY WITH SHA256
What it is
LIM now supports SHA1 and SHA256 (offline activation needed). From 26.4.0, only SHA256 will be supported.
Enterprise impact
Reduces cryptographic risk and future-proofs license/infrastructure communications.
Supports staged upgrades of mixed Fortify environments without downtime.
Day-to-day team value
Platform owners can upgrade LIM once, preserving backward compatibility.
Offline customers have clear activation procedures without ad-hoc hacks.
KUBERNETES DEPLOYMENT MODERNIZATION FOR SSC
What it is
Helm charts and values files removed from SSC ZIP; deployment now requires Tomcat 10.1 with clear documentation.
Enterprise impact
Standardized, supportable cloud/container deployments.
Easier alignment with platform engineering and audit policies.
Day-to-day team value
DevOps follows documented deployment steps.
Avoids trial-and-error migration issues, reducing downtime.
REST API PERFORMANCE WITH withoutCount PARAMETER
What it is
Paginated endpoints (e.g., /api/v1/activityFeedEvents) can skip computing total counts for faster responses.
Enterprise impact
Supports scalable automation in large environments.
Predictable API behavior for CI/CD pipelines and dashboards.
Day-to-day team value
Faster polling for activity feeds and issue lists.
Dashboards prioritize responsiveness over exact totals.
STRONGER GOVERNANCE AROUND REPORT LIBRARIES
What it is
PUT updates to internal fields (fileDocId, guid, templateDocId) are blocked; use POST for replacements.
Enterprise impact
Preserves report integrity and improves auditability.
Reduces fragile integrations that could corrupt report metadata.
Day-to-day team value
Fewer mysterious report breakages.
Clear guidance for automation scripts: PUT for metadata, POST for files.
CLEARER AUTHENTICATION EVENTS AND LOGGING
What it is
Dedicated events for API token usage; bulk request logging consolidated.
Enterprise impact
Improved security monitoring and incident response.
Reduced noise in SIEM/audit logs.
Day-to-day team value
Easier troubleshooting for failed automations.
Analysts focus on meaningful events, not repetitive logs.
LOG ROTATION AND PLUGIN LOG IMPROVEMENTS
What it is
Logs rotate at ~10MB into logs/archive; plugin logs consolidated in ssc_plugins.log.
Enterprise impact
Predictable logging footprint simplifies SIEM/log shipper setup.
Easier retention policy compliance.
Day-to-day team value
Simplified debugging and incident response.
Fewer directories and logs to monitor.
OPENAPI 3 REST SPEC AND UPDATED fortifyclient
What it is
SSC REST API now uses OpenAPI 3; fortifyclient uses Apache HttpClient.
Enterprise impact
Standardized SDK generation and API governance.
Migration away from legacy Swagger 2 integrations.
Day-to-day team value
Auto-generate clients in multiple languages.
Modern HTTP client with consistent bindings.
ARM SUPPORT FOR SSC SERVER ON LINUX
What it is
SSC now runs on Linux ARM architecture.
Enterprise impact
Flexible, cost-effective, energy-efficient infrastructure planning.
Supports long-term modernization strategies.
Day-to-day team value
Deploy SSC on ARM nodes without exceptions.
Test performance and scalability across x86/ARM.
SCANCENTRAL SAST QUEUE CONTROL
What it is
replace_duplicate_scans=true by default; only one scan per application version in queue.
Enterprise impact
Reduces redundant compute and queue congestion.
Predictable SLAs for security analysis.
Day-to-day team value
Pipelines that rerun the same version process the latest scan request.
Retain control via -dr flag when needed.
NOISE REDUCTION IN DEFAULT SAST POLICIES
What it is
Low probability issues treated as low risk; filter clarity will improve in future releases.
Enterprise impact
Focus on high-impact issues for executive reporting.
Reduces overload of low-value findings.
Day-to-day team value
Developers/security engineers triage less noise.
Backlog grooming and sprints focus on actionable items.
SCANCENTRAL DAST: NEW COMPOSITE SETTINGS FORMAT
What it is
DAST settings now packaged as ZIP; XML format deprecated.
Enterprise impact
Easier version control and artifact promotion.
Simplifies standardization across applications.
Day-to-day team value
UI-based import/export of single ZIP.
Automation developers use consistent, hardened reference files.
STRATEGIC DE-SUPPORT AND DEPRECATIONS
What it is
Bugzilla plugin removed, CAS/Kerberos SSO removed, ALM/WIE deprecations, SHA1 phased out, Windows Docker images ending post-25.4.
Enterprise impact
Reduces integration risk and technical debt.
Encourages platform unification on Linux and modern protocols.
Day-to-day team value
Signals to stop building new flows on deprecated systems.
Supports preemptive retirement of unsupported components.
CONCLUSION: STRATEGIC IMPACT
Risk management: SHA256, cleaner auth logs, deprecated plugin removal, supported SSO/containerization improve systemic security.
Operational efficiency: SAST queue control, lighter REST responses, modern API spec, predictable logging save time and reduce triage effort.
Strategic modernization: ARM support, Linux Docker images, Tomcat 10.1, OpenAPI 3 enable future-proof, governable SDLC.
Assess Fortify usage, gaps, and deprecations.
Design target-state architecture for SAST/DAST/SSC.
Implement and operationalize changes without disrupting delivery pipelines.
Platform Health Check: assess versions, integrations, deployments.
Modernize Integration Layer: adopt OpenAPI 3, DAST/SAST policies, SSC logging/auth.
Plan/Execute Legacy Migrations: retire ALM, WIE, Bugzilla, CAS/Kerberos, Windows components.