INTRODUCTION: MODERNIZATION, SIGNAL QUALITY, AND CI/CD INTEGRATION
OpenText SAST 25.4 (formerly Fortify SCA) is a strategic release for enterprises. Beyond language updates, it aligns AppSec with modern stacks, improves triage signal quality, and integrates SAST into CI/CD, SAP, and mobile ecosystems.
CLEAR PRODUCT NAMING FOR APPSEC GOVERNANCE
What it is
Portfolio rebranding: SAST, DAST, SCA, and central Application Security, making capabilities explicit.
Enterprise impact
CISOs/CIOs can report coverage in recognized terms (SAST, DAST, SCA).
Policies map cleanly to named tools: e.g., “all Java services must pass SAST and SCA before production.”
Day-to-day team benefits
Developers, QA, and DevSecOps know exactly which tool covers which function.
Documentation, runbooks, and onboarding align with clear product categories.
LANGUAGE SUPPORT FOR MODERN TECH STACKS
New/Updated Support
C# 14, .NET 10, Java 25, Go 1.24/1.25, Kotlin 2.1, Dart 3.2–3.8, Swift 6.2, ABAP SQL.
Enterprise impact
Stronger coverage for modern microservices, mobile, cloud-native, and SAP applications.
Reduced blind spots for security in new customer-facing apps.
Day-to-day benefits
CI/CD pipelines run SAST without “unsupported version” stalls.
Security engineers spend less time customizing rules, more on analysis and coaching.
EXPANDED BUILD TOOL SUPPORT
New/Updated Support
MSBuild 17.14, Xcode 26/xcodebuild 26, Flutter 3.29/3.32, SAP Web Dynpro projects.
Enterprise impact
Standardized SAST gates within modern CI/CD pipelines.
SAP applications integrated into corporate security programs.
Day-to-day benefits
Developers and mobile teams scan within normal build chains.
Reduced friction and parallel project maintenance for iOS, macOS, and Flutter builds.