Real-time security as you code in Visual Studio with Fortify Security Assistant

Micro Focus Frequent Contributor

If you use Microsoft Visual Studio 2017 as your integrated development environment (IDE) and need lightning-fast security results, we have some great news for you. Micro Focus Fortify Security Assistant for Visual Studio 2017 is now available. Fortify Security Assistant analyzes your code for security issues in real time as you type and shows the results immediately in the IDE.

We can all agree that developers can't be slowed down by the tools they use, and that they want to focus primarily on high-confidence, high-priority issues. Security Assistant is Fortify's most instantaneous security feedback tool to date, with structural and configuration analyzers that are purpose-built for speed and accuracy. Developers now get immediate visibility into vulnerabilities as they write code, which helps prevent costly security mistakes from being checked into the source repository.

Security Assistant is fast by design and doesn't slow down the IDE, even in projects with larger code bases. It is designed with developers in mind and reports only high-confidence findings (no or very low false positive rates), so developers do not have to worry about issues they shouldn't have to deal with in the first place. This means that Security Assistant finds only a subset of the potential findings that Fortify Software Security Analyzer (SCA) or Fortify on Demand static assessments can find, and that it does not replace Fortify SCA. But it also means that many issues are detected and fixed early in the software development lifecycle, supporting efforts to shift security left.

We suggest using Security Assistant as an additional aid for developers, in conjunction with full static scans, for a more comprehensive view of security issues.

Another great feature of Security Assistant is the privacy it gives the developer. It is a true developer aid: it doesn't report back any issues found or any metrics from the developer's IDE. It was designed to make developers' lives easier as they write more secure code, without interruptions or distractions.

More about Fortify Security Assistant:

Using the native Microsoft Visual Studio interface, Security Assistant displays security errors alongside standard Visual Studio errors, with details and recommendations from the rich Fortify ruleset that is also shared by Fortify SCA. Security results appear in the default Error List window under warnings. Every security issue includes rich details and recommendations, enabling developers to address vulnerabilities quickly. In addition to real-time analysis, a full solution-wide analysis is available in the interface.

Visit Microsoft's Visual Studio marketplace to find the Fortify Security Assistant extension and install it into Visual Studio.

  • All current Fortify Static Code Analyzer and Fortify on Demand Static Assessments customers are entitled to use Security Assistant with no additional licenses or fees, and it works with your existing license. If you have any issues, please contact support.
  • Requirements: Visual Studio 2017 Community, Professional, and Enterprise 15.6 or later. Documentation is available in HTML and PDF formats.

The video below contains a quick start tutorial on installing and using the Fortify Security Assistant for Visual Studio, with a walk-through by our product manager, Jimmy Rabon: