Fortify BugTracker Utility

200304

Micro Focus Micro Focus Community

Micro Focus | Micro Focus Community

FortifyBugTrackerUtility allows for submitting vulnerabilities from either Fortify on Demand (FoD) or Software Security Center (SSC) to various bug trackers and other external systems including ALM Octane, JIRA, Archer, and MS TFS.
423 downloads

Description

FortifyBugTrackerUtility allows for automated submission of vulnerability information from both Fortify on Demand (FoD) and Fortify Software Security Center (SSC) to bug tracking systems like Atlassian JIRA, ALM Octane and Microsoft Azure DevOps (formerly TFS/VSTS), and other external systems like RSA Archer or CSV file.The utility is fully configurable through an XML configuration file, specifying details like:

  • Vulnerability selection criteria, for example submitting only vulnerabilities audited as 'Exploitable'
  • Vulnerability grouping criteria, for example submitting a single ticket for all XSS vulnerabilities in a single JSP file
  • Fields to be submitted to the bug tracker
  • State management, specifying how to close or re-open bug tracker issues based on SSC/FoD vulnerability state

Some advantages compared to the native bug tracker functionality included with FoD/SSC:

  • Fully automated workflow; the utility can be run on a scheduled basis or as part of build jobs
  • Fully configurable; many scenarios can be supported without requiring any code changes
  • Open source, allowing for easily adding support for other systems
  • May support external systems that are not (yet) supported by FoD/SSC
  • Supports submitting a single vulnerability to multiple external systems
  • For FoD: Allows for submitting issues to on-premise bug trackers without requiring a direct connection between FoD and the on-premise bug tracker

For detailed usage and configuration instructions, please refer to the documentation included with the distribution zip file.This utility was developed by Fortify Professional Services in collaboration with the customer community. The plugin is provided as-is and is not supported through the regular Fortify support channels. If you require assistance with deployment, bug fixes or enhancements, we encourage you to reach out to your Fortify Professional Services representative, or send an email to fortify-plugins-request@microfocus.com.

Releases

Release
Size
Date
Fortify BugTracker Utility 3.7
Apr 5, 2019
More info Less info
Product compatibility
Fortify on Demand
Version 0.0
Release notes

FortifyBugTrackerUtility allows for automated submission of vulnerability information from both Fortify on Demand (FoD) and Fortify Software Security Center (SSC) to bug tracking systems like Atlassian JIRA, ALM Octane and Microsoft Azure DevOps (formerly TFS/VSTS), and other external systems like RSA Archer or CSV file.The utility is fully configurable through an XML configuration file, specifying details like:

  • Vulnerability selection criteria, for example submitting only vulnerabilities audited as 'Exploitable'
  • Vulnerability grouping criteria, for example submitting a single ticket for all XSS vulnerabilities in a single JSP file
  • Fields to be submitted to the bug tracker
  • State management, specifying how to close or re-open bug tracker issues based on SSC/FoD vulnerability state

Some advantages compared to the native bug tracker functionality included with FoD/SSC:

  • Fully automated workflow; the utility can be run on a scheduled basis or as part of build jobs
  • Fully configurable; many scenarios can be supported without requiring any code changes
  • Open source, allowing for easily adding support for other systems
  • May support external systems that are not (yet) supported by FoD/SSC
  • Supports submitting a single vulnerability to multiple external systems
  • For FoD: Allows for submitting issues to on-premise bug trackers without requiring a direct connection between FoD and the on-premise bug tracker

For detailed usage and configuration instructions, please refer to the documentation included with the distribution zip file.This utility was developed by Fortify Professional Services in collaboration with the customer community. The plugin is provided as-is and is not supported through the regular Fortify support channels. If you require assistance with deployment, bug fixes or enhancements, we encourage you to reach out to your Fortify Professional Services representative, or send an email to fortify-plugins-request@microfocus.com.

Languages
English
Fortify BugTracker Utility 3.5
Aug 13, 2018
More info Less info
Product compatibility
Fortify
Version 17.1 · 17.20
Version 18.10
Release notes

Major update with lot's of internal refactoring, bug fixes and new and changed functionality. The sections below provide more details about the major changes from an end user perspective.Documentation & command usage:

  • A lot of documentation has been added and updated.
  • The '-help' function has been improved, providing a lot more detail about available command line options.
  • Command line options can now be specified in arbitrary order, and prefixed with either a single or double dash.
  • Most command line options can either be provided on the command line or in the configuration file.
  • The utility no longer prompts for required command line option values like URL's and credentials; you will need to explicitly provide these as command line options (on the command line or through the configuration file). If you have a need for having the utility prompt for option values, please file a feature request.

Configuration:

  • Configuration file format has changed significantly. If you were previously using a customized configuration file, you will need to re-do these customizations based on the new configuration files included in the distribution.
  • SSC application version/FoD application release processing has been improved and offers additional functionality.
  • The utility now allows for arbitrary data to be loaded from FoD/SSC by configuring additional REST API endpoints to be invoked, allowing users to use this data for filtering and target issue data.
  • Additional target issue data is now available for use in the configuration files, thereby increasing the possibilities for bidirectional sync.
  • Various other new or improved configuration settings.

Functionality & bug fixes:

  • The 'Add Existing Bugs' native SSC bug tracker plugin now also supports SSC 17.20+.
  • Previously the utility blindly updated target issue fields during every state management operation. This new version checks whether any target issue fields need to be updated, and only updates these fields if there have been any changes.
  • Improved error management and additional checks, for example to avoid processing vulnerabilities that have been previously submitted to a target system on a different host.
  • Bug fix for improved performance when loading vulnerability data from SSC.
Languages
English
Fortify BugTracker Utility 3.4
40.2 MB
  |  
Jun 6, 2018
More info Less info
Product compatibility
Fortify Software Security Center
Version 18.10
Release notes

Internal refactoring to use generic Fortify Client API library

  • Bug fixes and various changes
  • Build process updated to use Maven release plugin
Languages
English
FortifyBugTrackerUtility 3.1
Aug 29, 2017
More info Less info
Product compatibility
Fortify on Demand
Version 0.0
Fortify Software Security Center
Version 17.1 · 17.20
Release notes
  • Added updated documentation to distribution zip
  • Fixed bug that prevented users from specifying user name and password for native SSC bug tracker integrations
  • Added SSC 'Add Existing Bugs' native bug tracker integration
Languages
English

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.
Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox