FortifyBugTrackerUtility allows for automated submission of vulnerability information from both Fortify on Demand (FoD) and Fortify Software Security Center (SSC) to bug tracking systems like Atlassian JIRA, ALM Octane and Microsoft Azure DevOps (formerly TFS/VSTS), and other external systems like RSA Archer or CSV file.The utility is fully configurable through an XML configuration file, specifying details like:

  • Vulnerability selection criteria, for example submitting only vulnerabilities audited as 'Exploitable'
  • Vulnerability grouping criteria, for example submitting a single ticket for all XSS vulnerabilities in a single JSP file
  • Fields to be submitted to the bug tracker
  • State management, specifying how to close or re-open bug tracker issues based on SSC/FoD vulnerability state

Some advantages compared to the native bug tracker functionality included with FoD/SSC:

  • Fully automated workflow; the utility can be run on a scheduled basis or as part of build jobs
  • Fully configurable; many scenarios can be supported without requiring any code changes
  • Open source, allowing for easily adding support for other systems
  • May support external systems that are not (yet) supported by FoD/SSC
  • Supports submitting a single vulnerability to multiple external systems
  • For FoD: Allows for submitting issues to on-premise bug trackers without requiring a direct connection between FoD and the on-premise bug tracker

For detailed usage and configuration instructions, please refer to the documentation included with the distribution zip file.This utility was developed by Fortify Professional Services in collaboration with the customer community. The plugin is provided as-is and is not supported through the regular Fortify support channels. If you require assistance with deployment, bug fixes or enhancements, we encourage you to reach out to your Fortify Professional Services representative, or send an email to

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.


Fortify BugTracker Utility 3.9
Jan 8, 2020
More info Less info
Product compatibility
Version 21.1
Version 20.20 · 20.10
Version 19.20 · 19.10
Version 18.20 · 18.10
Release notes

SSC: Added configuration options for including hidden/suppressed/removed vulnerabilities


Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the Micro Focus Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.

Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2021-9-2-4492 | Wed Sep 22 18:00:11 PDT 2021