Description

The Fortify Static Code Analyzer plugin allows you to execute static application security testing as part of a Deployment Automation workflow. This plugin provides the following steps:

  • Update Fortify Rulepacks - Update Fortify Security Content (Rulepacks) prior to a scan
  • Fortify SCA Clean - Clean up from a previous scan
  • Fortify SCA Translate - Convert source code to intermediary files to use in a scan
  • Fortify SCA Scan - Run a scan with Fortify Source Analyzer
  • Fortify SSC Upload - Upload the results of a scan to Software Security Center

This plugin can be used with Fortify Static Code Analyzer standalone or when integrated with Software Security Center. The plugin requires that Fortify Static Code Analyzer Tools have been previously installed on the endpoint where Deployment Automation executes a process.

The plugin provides discrete steps for translating and executing a scan. If possible, execute Update Fortify Rulepacks first so that you scan with the latest rules. Then execute Clean, Translate and Scan in that order with the same Build Id. You can optionally upload the scan results to Software Security Center using the Fortify SSC Upload step. For this step you can create two Deployment Automation System Properties: ssc.serverUrl, which refers to your Software Security Center URL (e.g. "https://server-name:8080/ssc"), and ssc.authToken, which refers to an authentication token of type AnalysisUploadToken that has been created in Software Security Center.

Source for the plugin can be found at the following GitHub repo: https://github.com/sda-community-plugins/Fortify-SCA and can be updated by end users as needed.

Releases

Deployment Automation - Fortify SCA Plugin 1.0

  • Size - 523.4 KB
  • Date - Jan 3, 2020
  • Product compatibility - Version 6.2.0 · 6.2.1 · 6.2.2 · 6.3.0 · 6.3.1 · 6.3.2
  • Release notes - Initial community release
  • Languages - English