Open in app

Sign in

Write

Sign in

Exploring Fortify SAST’s Language Support

Fortify blog
2 min readDec 21, 2023

--

Fortify Static Code Analyzer (SAST) is a powerful tool for securing your codebase, offering extensive support for a wide range of programming languages and frameworks. This versatility ensures that your software development can leverage the latest in security technology, regardless of the programming language used. Here, we delve into the specifics of the languages and frameworks supported by Fortify SAST 23.2.0. Fortify Static Code Analyzer indeed supports a wide range of programming languages and frameworks. The list includes:

  1. .NET
  2. .NET Core
  3. .NET Framework
  4. ABAP/BSP
  5. ActionScript
  6. Apex
  7. Bicep
  8. C#
  9. C
  10. C++
  11. COBOL
  12. ColdFusion
  13. Dart
  14. Docker (Dockerfiles)
  15. Flutter
  16. Go
  17. HCL
  18. HTML
  19. Java (including Android)
  20. JavaScript
  21. JSON
  22. JSP
  23. Kotlin
  24. MXML (Flex)
  25. Objective-C/C++
  26. PHP
  27. PL/SQL
  28. Python
  29. Ruby
  30. Scala
  31. Solidity
  32. Swift
  33. T-SQL
  34. TypeScript
  35. VBScript
  36. Visual Basic (VB.NET)
  37. Visual Basic
  38. XML
  39. YAML

.NET Ecosystem

  • .NET: Versions 5.0, 6.0, 7.0, 8.0
  • .NET Core: Versions 2.0 to 3.1
  • .NET Framework: Versions 2.0 to 4.8

Other Programming Languages

  • ABAP/BSP: Version 6
  • ActionScript: Version 3.0
  • Apex: Versions 55 to 58
  • Bicep: Versions 0.12.x to 0.15.x
  • C#: Supported
  • C and C++: Supported (with detailed compiler versions on page 38 of the document)
  • COBOL: Versions 5 to 12, including IBM Enterprise COBOL for z/OS (6.1 or earlier, 6.2 and 6.3) and Visual COBOL (6.0, 7.0, 8.0)
  • ColdFusion: Versions 8, 9, 10
  • Dart: Versions 2.x (2.12 and later), 3.0
  • Go: Versions 1.12 to 1.20 (supported on Windows and Linux)

Web Technologies and Scripts

  • HTML: Version 5 or earlier
  • JavaScript: ECMAScript 2015 to 2023
  • JSON: ECMA-404
  • TypeScript: Versions 2.8, 3.x, 4.x, 5.0
  • VBScript and Visual Basic (including VB.NET): Supported

Database Query Languages

  • SQL (T-SQL): SQL Server 2005, 2008, 2012
  • PL/SQL: Supported

Mobile and Modern Languages

  • Java (including Android): Versions 7 to 17
  • Swift: Version 5 (with specific compiler support on page 38)
  • Kotlin, Scala, Ruby, Python: Supported

Specialized Language Support

  • Solidity: Versions 0.4.12 to 0.8.21
  • XML and YAML: Supported
  • HCL: Version 2.0 (specific to Terraform and Infrastructure as Code configurations)
  • Docker (Dockerfiles): Any version
  • Flutter: Versions 2.0 to 3.3

Conclusion

Fortify SAST’s extensive language support underscores its utility in diverse software development environments. From legacy languages like COBOL to modern frameworks and Infrastructure as Code (IaC) configurations, Fortify SAST ensures comprehensive security coverage across your codebase. As technology evolves, staying updated with the latest versions and expanding language support is key to maintaining a secure and robust development pipeline.

Fortify
Static Code Analysis
Security
Programming
Development

--

--

Fortify blog

Written by Fortify blog

4 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams