<h1>Description / Features</h1><p>This plugin imports Fortify SSC reports into Sonar:</p><ul><li>Import the Fortify Security Rating, value between 1 and 5</li><li>Import the number of issues marked as critical, high, medium and low priority in Fortify</li><li>Link to the Fortify SSC web report</li><li>Import vulnerability issues as Sonar violations. Supported languages are ABAP, C#, C++, Cobol, Java, JavaScript, Python and VB.</li></ul><table class="wysiwyg-macro" data-macro-name="info" data-macro-parameters="title=This plugin is not autonomous nor server-less" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2luZm86dGl0bGU9VGhpcyBwbHVnaW4gaXMgbm90IGF1dG9ub21vdXMgbm9yIHNlcnZlci1sZXNzfQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="RICH_TEXT"><tr><td class="wysiwyg-macro-body"><p>As said in the description above, this plugin <u>imports</u> audit reports available in Fortify SSC Server. This means that the plugin:</p><ul><li>does not trigger Fortify scans</li><li>needs a connection to the Fortify server to retrieve the results</li></ul><div>As a consequence, <strong>Fortify scans must have been run <u>before</u> executing this plugin on Sonar</strong>.</div><div>The plugin has been developed and tested with <strong>Fortify 2.50</strong>. 
Older versions might also work (feel free to tell us on the user mailing list if you managed to make it work in this case).</div></td></tr></table><table class="wysiwyg-macro" data-macro-name="note" data-macro-parameters="title=Multi-module projects are currently supported only for Java projetcts" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e25vdGU6dGl0bGU9TXVsdGktbW9kdWxlIHByb2plY3RzIGFyZSBjdXJyZW50bHkgc3VwcG9ydGVkIG9ubHkgZm9yIEphdmEgcHJvamV0Y3RzfQ&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="RICH_TEXT"><tr><td class="wysiwyg-macro-body"><p>The Fortify plugin currently does not support multi-module for languages other than Java. You can watch and vote for the following JIRA ticket concerning this issue: <a href="http://jira.codehaus.org/browse/SONARPLUGINS-2452">SONARPLUGINS-2452</a></p></td></tr></table><p> </p><p>Here are some screenshots of the plugin:</p><p><br /><img class="confluence-embedded-image" src="/download/attachments/231079982/fortify-widget.png?version=1&modificationDate=1369209302519" data-image-src="/download/attachments/231079982/fortify-widget.png?version=1&modificationDate=1369209302519" data-linked-resource-id="231375028" data-linked-resource-type="attachment" data-linked-resource-default-alias="fortify-widget.png" data-base-url="http://docs.codehaus.org" data-linked-resource-container-id="231079982" title="null > fortify-widget.png"><br /><img class="confluence-embedded-image" src="/download/attachments/231079982/fortify-issues.png?version=1&modificationDate=1369209302495" data-image-src="/download/attachments/231079982/fortify-issues.png?version=1&modificationDate=1369209302495" data-linked-resource-id="231375024" data-linked-resource-type="attachment" data-linked-resource-default-alias="fortify-issues.png" data-base-url="http://docs.codehaus.org" data-linked-resource-container-id="231079982" title="null > 
fortify-issues.png"></p><h1>Installation</h1><ol><li>Install the Fortify plugin through the <a href="http://docs.codehaus.org/display/SONAR/Update+Center">Update Center</a> or download it into the SONAR_HOME/extensions/plugins directory</li><li>Restart the Sonar server</li></ol><h1>Usage</h1><ol><li>Configure the connection to the Fortify SSC Server in Settings > Configuration > General Settings > Fortify:<br /><ul><li>Server URL</li><li>Login/password. Token-based authentication is not supported yet.</li></ul></li><li>Activate some Fortify rules in the <a class="confluence-link" href="/display/SONAR/Quality+Profiles" data-linked-resource-id="114786474" data-linked-resource-type="page" data-linked-resource-default-alias="Quality Profiles" data-base-url="http://docs.codehaus.org">Quality Profile</a></li><li>Configure the project to be analyzed:<br /><ul><li>By default project name and version must match the name and version defined in Fortify. They can be changed in Project Settings.</li><li>Enable audit import on the projects that have been scanned by Fortify: set <code>sonar.fortify.enable</code> to <code>true</code> in Project Settings.</li></ul></li><li><p>Inspect project. The following logs should appear:</p><table class="wysiwyg-macro" data-macro-name="code" style="background-image: url(/plugins/servlet/confluence/placeholder/macro-heading?definition=e2NvZGV9&locale=en_GB&version=2); background-repeat: no-repeat;" data-macro-body-type="PLAIN_TEXT"><tr><td class="wysiwyg-macro-body"><pre>[INFO] [14:03:32.720] Fortify SSC Project: &lt;Fortify project name&gt;, version: &lt;Fortify project version&gt;
[INFO] [14:03:35.643] Sensor Fortify Audit Context...
[INFO] [14:03:35.643] Sensor Fortify Audit Context done: 0 ms
[INFO] [14:03:35.643] Sensor Fortify Performance Indicators...
[INFO] [14:03:36.701] Sensor Fortify Performance Indicators done: 1058 ms
[INFO] [14:03:36.701] Sensor Fortify Issues...
[INFO] [14:04:35.131] Loading 171 Fortify issues
[INFO] [14:04:35.149] Sensor Fortify Issues done: 58448 ms</pre></td></tr></table><p><img class="confluence-embedded-image" src="/download/attachments/231079982/fortify-global-settings.png?version=1&modificationDate=1369209302518" data-image-src="/download/attachments/231079982/fortify-global-settings.png?version=1&modificationDate=1369209302518" data-linked-resource-id="231375027" data-linked-resource-type="attachment" data-linked-resource-default-alias="fortify-global-settings.png" data-base-url="http://docs.codehaus.org" data-linked-resource-container-id="231079982" title="null > fortify-global-settings.png"><br /><img class="confluence-embedded-image" src="/download/attachments/231079982/fortify-project-settings-1.png?version=1&modificationDate=1369209302496" data-image-src="/download/attachments/231079982/fortify-project-settings-1.png?version=1&modificationDate=1369209302496" data-linked-resource-id="231375025" data-linked-resource-type="attachment" data-linked-resource-default-alias="fortify-project-settings-1.png" data-base-url="http://docs.codehaus.org" data-linked-resource-container-id="231079982" title="null > fortify-project-settings-1.png"><br /><img class="confluence-embedded-image" src="/download/attachments/231079982/fortify-rules.png?version=1&modificationDate=1369209302477" data-image-src="/download/attachments/231079982/fortify-rules.png?version=1&modificationDate=1369209302477" data-linked-resource-id="231375023" data-linked-resource-type="attachment" data-linked-resource-default-alias="fortify-rules.png" data-base-url="http://docs.codehaus.org" data-linked-resource-container-id="231079982" title="null > fortify-rules.png"></p></li></ol><h1>Change Log</h1><p><img class="editor-inline-macro" 
src="/plugins/servlet/confluence/placeholder/macro?definition=e2ppcmFpc3N1ZXM6YW5vbnltb3VzPXRydWV8dGl0bGU9UmVsZWFzZSAxLjB8aGVpZ2h0PTYwfHJlbmRlck1vZGU9c3RhdGljfHdpZHRoPTkwMHxjb2x1bW5zPXR5cGU7a2V5O3N1bW1hcnk7cHJpb3JpdHl8dXJsPWh0dHA6Ly9qaXJhLmNvZGVoYXVzLm9yZy9zci9qaXJhLmlzc3Vldmlld3M6c2VhcmNocmVxdWVzdC14bWwvdGVtcC9TZWFyY2hSZXF1ZXN0LnhtbD9maXhmb3I9MTg3MDUmcGlkPTExOTExJnNvcnRlci9maWVsZD1wcmlvcml0eSZzb3J0ZXIvb3JkZXI9REVTQyZ0ZW1wTWF4PTEwMDB9&locale=en_GB&version=2" data-macro-name="jiraissues" data-macro-parameters="anonymous=true|columns=type;key;summary;priority|height=60|renderMode=static|title=Release 1.0|url=http://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor\=18705&pid\=11911&sorter/field\=priority&sorter/order\=DESC&tempMax\=1000|width=900"></p>