Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

(warning) This is documentation for upcoming version 2.0. Previous documentation is located at "Fortify Plugin (1.x)".

Wiki Markup
Your browser does not support iframes.


  • Parse extracted rulepacks to have rule descriptions into SQ
  • Import vulnerability issues as SonarQube issues. Supported languages are ABAP, C#, C++, Cobol, Java, JavaScript, Python and VB.
  • Compute the Fortify Security Rating, value between 1 and 5
  • Compute the number of issues marked as critical, high, medium and low priority in Fortify
titleThis The plugin is does not autonomoustrigger Fortify scans

As stated in the description above, this plugin imports audit reports. This means that the plugin does not trigger Fortify scans. As a consequence, Fortify scans must have been run before executing this plugin on SonarQube.

The plugin has been developed and tested with Fortify 2.50. Older versions might also work (feel free to tell us on the user mailing list if you managed to make it work in this case).