Description

SourceAndLibScanner provides a command-line interface that combines a Fortify Static Code Analyzer scan and a Sonatype scan of your Java application into a single command. With this utility, you can integrate one command into the build process of an application that you want to scan on a one-time or continuous basis. You can also upload the analysis results to Micro Focus Fortify Software Security Center. With SourceAndLibScanner, you can:

  • Scan your code with Fortify Static Code Analyzer and Sonatype, and then upload both the Fortify and the Sonatype results to Fortify Software Security Center
  • Scan your code with Fortify Static Code Analyzer and Sonatype, and then upload the Fortify results to Fortify Software Security Center and the Sonatype results to an on-premises Lifecycle product (Nexus IQ Server)
  • Perform only Fortify Static Code Analyzer scans of your code, or only Sonatype scans of your third-party components

The scanning options are:

  • Use Fortify Static Code Analyzer to scan your code for vulnerabilities, driven either by the automatic build integration packager or by native Fortify Static Code Analyzer commands
  • Use Sonatype to scan for open source component vulnerabilities, using either the open source component scan service that Sonatype created specifically for Fortify customers or your locally deployed Nexus IQ Server


Minimum Requirements

Documentation is included with the SourceAndLibScanner download.

Releases

Release | Size | Date

SourceAndLibScanner 20.2.0 | 45.4 MB | Nov 17, 2020

Product compatibility

Release notes

Susceptibility analysis (tech preview) - Fortify is pleased to announce a new feature co-developed with Sonatype that determines whether a CVE is relevant to the code you write. Because the analysis works from function and method calls, this first release requires you to download the source code of the dependency and add it to the overall scan so that calls to private functions and methods are visible.

Note: You will need SSC 20.2 to see the new "Open Source" tab where susceptibility analysis results are displayed.

Additional Language Support - In addition to Java, you can now scan JavaScript/TypeScript, C#, VB.NET, Go, Ruby, PHP, and Python.

See the documentation included in the download zip for more details.

Languages
English
SourceAndLibScanner 20.1.1 | 44.2 MB | Nov 6, 2020

Product compatibility
  • Version 20.10 · 20.20
  • Version 20.10 · 20.20

Release notes

A new fail-on-policy-warnings option has been added. See the description below or the documentation included with the download zip for details.

SourceAndLibScanner can return a non-zero exit code either because you have set the fail-on-policy-warnings option or because of IQ Server configuration options, for example a policy configured to fail on violation in IQ. This keeps the behavior of SourceAndLibScanner consistent with the native Sonatype CLI tools. For example, IQ Server can be configured so that, if critical issues are found, the scan is marked as "failed" even though the scan itself completed successfully and the issues are available to be retrieved.

Languages
English
SourceAndLibScanner 20.1 | 43.0 MB | May 4, 2020

Product compatibility
  • Version 20.20 · 20.10
  • Version 19.10 · 19.20
  • Version 20.20 · 20.10
  • Version 19.22

Release notes

First release of Fortify's SourceAndLibScanner.

Languages
English
