The Fortify Static Code Analyzer plugin allows you to execute static application security testing as part of a Deployment Automation workflow. This plugin provides the following steps:
This plugin can be used with Fortify Static Code Analyzer standalone or when integrated with Software Security Center. The plugin requires that Fortify Static Code Analyzer Tools have been previously installed on the endpoint where Deployment Automation executes a process.
The plugin provides discrete steps for translating and executing a scan. If possible you should execute Update Fortify Rulepacks first so that you are scanning with the latest rules. Then execute Clean, Translate and Scan in that order with the same Build Id. You can optionally upload the scan results to Software Security Center using the Fortify SSC Upload step. For this step you can create two Deployment Automation System Properties called
ssc.serverUrl that refers to your Software Security Center URL (e.g. "https://server-name:8080/ssc") and
ssc.authToken that refers to an authentication token of type AnalysisUploadToken that has been created in Software Security Center.
Source for the plugin can be found at at the following GitHub repo: https://github.com/sda-community-plugins/Fortify-SCA and can be updated by end users as needed.
Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.
Related content and resources
Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox