Open Source

Sonatype Nexus Lifecycle integration with SSC

184641

Sonatype Community

App Support Tiers

MICRO FOCUS SUPPORTED

Support via Micro Focus Software Support, with a ticket filed against the associated product.

PARTNER

Micro Focus offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by Micro Focus of the Micro Focus community.

MICRO FOCUS COMMUNITY

Micro Focus Community Content is provided by Micro Focus for the benefit of customers, support for it is not available via Micro Focus Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by Micro Focus customers and supported by them.

Sonatype | Community

This bundle contains the parser plugin for Software Security Center and an integration service that can integrate results from Sonatype's Nexus Lifecycle alongside findings from SCA, providing a consolidated view of application vulnerabilities.
1 reviews
213 downloads
Download
  • Have questions about this item?

  • Contact us

Description

Compliment you SaST, DaST and IaST finding in SSC with Open Source security data from Sonatype's Nexus Lifecycle solution, powered by Nexus Intelligence, to get a complete, 360 degree view of your applications security posture.

Sonatype's Nexus Lifecycle is an open source Software Supply Chain Governance platform that allows organizations to precisely identify and reduce risk from the use of open source software without introducing false positives. This integration service and parser plugin can automatically publish results to Fortify Software Security Center (SSC) providing a consolidated view of vulnerable component findings alongside your SaAST, DaST and IaST findings. This Nexus Lifecycle integration accomplishes this by:

  • The Service looks for new reports in Nexus Lifecycle and pushes findings to Fortify SSC on a periodic basis (configurable)
  • There is a configurable mappings file to correlate application/phase repots in Nexus Lifecycle with application/version in SSC
  • A plugin for Fortify SSC parses Nexus Lifecycle findings

This plugin is free for all Sonatype Nexus Lifecycle customers.

Minimum Requirements

The plugin parser and integration were developed and tested against 18.10 and 18.20 of the Fortify SSC product

Releases

Release
Size
Date
SonatypeFortifyBundle 19.2.0.9
21.6 MB
  |  
Nov 13, 2019
More info Less info
Product compatibility
Fortify Software Security Center
Version 18.10
Release notes

Fixed issue where all vulns were coming in as Vulnerable OSS with a CVE number attached. Added a 'recommended version' to the remediation guidance

Languages
English
Files
SonatypeFortifyBundle 18.20
21.1 MB
  |  
Dec 11, 2018
More info Less info
Product compatibility
Fortify Software Security Center
Version 18.10
Release notes

This is the initial release of Sonatype's Nexus Lifecycle integration for Fortify SSC. Complete documentation can be found in the bundle.

Languages
English
Files

Resources

Nexus Intelligence

Similar items

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.
Unsubscribe Cancel

Marketplace Terms of Service

In order to continue, you must accept the Marketplace Terms of Service
Since you are downloading an app from the Micro Focus unified Marketplace using an Access Manager account, you need to also accept the Micro Focus Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Accept Cancel
Your download has begun...

Your download has begun

Related content and resources

Discover Digital Transformation (DX)

Why secure data analytics is critical for CCPA compliance

5 ways to attract the best information security pros

How a zero-trust approach can protect your cloud resources

AI and cybersecurity: 3 things your team needs to know

Why the new privacy laws demand data-centric security
Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2020-3-2-2305 | Thu Mar 19 03:14:22 PDT 2020