Skip to content
/ Fortify-SCA Public

Fortify Static Code Analyzer plugin for Micro Focus Deployment Automation

License

GPL-3.0 license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sda-community-plugins/Fortify-SCA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
release
release
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Fortify Static Code Analyzer plugin

The Fortify Static Code Analyzer plugin allows you to execute static application security testing as part of a Deployment Automation workflow.

This plugin is a work in progress but it is intended to provide the following steps:

  • Update Fortify Rulepacks - Update Fortify Security Content (Rulepacks) prior to a scan
  • Fortify SCA Clean - Clean up from a previous scan
  • Fortify SCA Translate - Convert source code to intermediary files to use in a scan
  • Fortify SCA Scan - Run a scan with Fortify Source Analyzer
  • Fortify SSC Upload - Upload the results of a scan to Software Security Center
  • Generate Fortify Report - Generate a Fortify Report from a results file
  • Install Fortify SCA - Install the Fortify Static Code Analyzer tools on an endpoint

This plugin can be used with Fortify Static Code Analyzer standalone or when integrated with Software Security Center. The plugin requires that Fortify Static Code Analyzer Tools have been previously installed on the endpoint where Deployment Automation executes a process. In future an additional step will be added to install the tools.

Installing the plugin

Download the latest version from the release directory and install into Deployment Automation from the Administration\Automation\Plugins page.

Using the plugin

The plugin provides discrete steps for translating and executing a scan. If possible you should execute Update Fortify Rulepacks first so that you are scanning with the latest rules. Then execute Clean, Translate and Scan in that order with the same Build Id. You can optionally upload the scan results to Software Security Center using the Fortify SSC Upload step. For this step you can create two Deployment Automation System Properties called ssc.serverUrl that refers to your Software Security Center URL (e.g. "https://server-name:8080/ssc") and ssc.authToken that refers to an authentication token of type AnalysisUploadToken that has been created in Software Security Center.

Building the plugin

To build the plugin you will need to clone the following repositories (at the same level as this repository):

and then compile using the following command

  mvn clean package

This will create a .zip file in the target directory when you can then install into Deployment Automation from the Administration\Automation\Plugins page.

If you have any feedback or suggestions on this template then please contact me using the details below.

Kevin A. Lee

[email protected]

Please note: this plugins is provided as a "community" plugin and is not supported by Micro Focus in any way.

About

Fortify Static Code Analyzer plugin for Micro Focus Deployment Automation

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages