This plugin imports Fortify SSC rule descriptions and SCA reports into SonarQube:
Here are some screenshots from the plugin:
The SCA command-line tool, named "sourceanalyzer", must be executed before the SonarQube analyzer. The generated report (FPR or FVDL file) is parsed to convert Fortify vulnerabilities to SonarQube issues. By nature, SonarQube issues relate to rules that are activated in Quality Profiles. For this reason, don't forget to activate the Fortify rules in the selected Quality Profiles. Note that the severity of rules is taken from the Fortify report, so the severity configured in the Quality Profile is ignored.
The path to the Fortify report is set by the property "sonar.fortify.reportPath". The path is absolute or relative to the module base directory. If the property is missing, the plugin is disabled.
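Because a missing property disables the plugin rather than failing the analysis, a build can pass without importing any Fortify findings. The following pre-flight check is an added example, not part of the plugin: it applies the path rule above and fails when no report would be imported. It assumes the property is set in `sonar-project.properties` in the module base directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not plugin code): check sonar.fortify.reportPath before analysis.
# Assumption: the property is set in <module base dir>/sonar-project.properties.

# Print the configured value of sonar.fortify.reportPath, or nothing if unset.
# Commented-out lines are ignored; the last definition wins.
fortify_report_prop() {
    sed -n 's/^[[:space:]]*sonar\.fortify\.reportPath[[:space:]]*[=:][[:space:]]*//p' \
        "$1/sonar-project.properties" 2>/dev/null | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Resolve the value as the page describes: an absolute path is used as-is,
# anything else is relative to the module base directory ($1).
fortify_report_resolve() {
    case "$2" in
        /*|[A-Za-z]:/*|[A-Za-z]:\\*) printf '%s\n' "$2" ;;
        *)                           printf '%s/%s\n' "$1" "$2" ;;
    esac
}

# Exit status: 0 = report found (resolved path printed on stdout),
#              1 = property missing, so the plugin would be disabled,
#              2 = property set but the report file is missing or empty.
fortify_preflight() {
    base=$1
    prop=$(fortify_report_prop "$base")
    if [ -z "$prop" ]; then
        echo "sonar.fortify.reportPath is not set: Fortify plugin is disabled" >&2
        return 1
    fi
    report=$(fortify_report_resolve "$base" "$prop")
    if [ ! -s "$report" ]; then
        echo "Fortify report missing or empty: $report" >&2
        return 2
    fi
    printf '%s\n' "$report"
}

# Usage in a build script, after sourceanalyzer and before the SonarQube analyzer:
#   fortify_preflight "$PWD" || exit 1
```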
Something like the following should appear in the log:
Previous documentation for older versions is located at "Fortify Plugin (1.x)".