Description

Compliment your SaST, DaST and IaST finding in Fortify SSC with Open Source security data from Sonatype´s Nexus Lifecycle solution, powered by Nexus Intelligence, to get a complete, 360 degree view of your applications security posture.

Sonatype's Nexus Lifecycle is an open source Software Supply Chain Governance platform that allows organizations to precisely identify and reduce risk from the use of open source software without introducing false positives. This integration service and parser plugin can automatically publish results to Fortify Software Security Center (SSC) providing a consolidated view of vulnerable component findings alongside your SaAST, DaST and IaST findings. This Nexus Lifecycle integration accomplishes this with:

  • A Service which looks for new reports in Nexus Lifecycle and pushes findings to Fortify SSC on a periodic basis (configurable)
  • A configurable mappings file to correlate application/phase repots in Nexus Lifecycle with application/version in SSC
  • A plugin for Fortify SSC which parses Nexus Lifecycle findings

This plugin is free for all Sonatype Nexus Lifecycle customers.

Minimum Requirements

The plugin parser and integration were developed and tested against 19.X, 20.2.X and 21.2.X of the Fortify SSC product

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Releases

Release
Size
Date
SonatypeFortifyBundle 4.2.0
May 6, 2022
More info Less info
Product compatibility
Version 19.10 · 19.20
Version 20.20
Version 21.2
Release notes
  • Skip upload to SSC for reports generated by Continuous Monitoring (unless changes are detected)
  • Improved logs to make them less verbose and easier to read
  • Added support to read login credentials from environment variables (Environment variables have preference over the properties file).
  • Added support for synchronization with IQ Webhooks.
  • Updated Spring boot from version 2.5.6 to 2.6.6 in response to CVE-2022-22965
Languages
English

Resources

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the Micro Focus Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2022-6-2-4916 | Thu Jun 23 00:32:11 PDT 2022