Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Description / Features

This plugin imports Fortify SSC reports. Provided features include:

  • Import the Fortify Security Rating, value between 1 and 5.
  • Import the number of issues marked as critical, high, medium and low priority in Fortify
  • Link to the Fortify SSC web report
  • Import vulnerability issues as Sonar violations. Supported languages are ABAP, C#, C++, Cobol, Java, JavascriptJavaScript, Python and VB.
Info
titleThis plugin is not autonomous nor server-less

As said in the description above, this plugin imports audit reports available in Fortify SSC Server. This means that the plugin:

  • the plugin does not trigger Fortify scans
  • the plugin needs a connection to the Fortify server to retrieve the results
As a consequence, Fortify scans must have been run before executing this plugin on Sonar.

Here are some screenshots of the plugin:



Configuration

Installation

  1. Install the Fortify plugin through the Update Center or download it into the SONAR_HOME/extensions/plugins directory
  2. Restart the Sonar server

Usage

  1. Configure the connection to the Fortify SSC Server in Configuration > General Settings > Fortify:
    • Server URL
    • Login/password. Token-based authentication is not supported yet.
  2. Activate some Fortify rules in the Quality profileProfile
  3. Configure the project to be analyzed:
    • By default project name and version must match the name and version defined in Fortify. They can be changed in Project Settings.
    • Enable audit import on the projects that have been scanned by Fortify: set sonar.fortify.enable to true in Project Settings.
  4. Inspect project. The following logs should appear:

    Code Block
    [INFO] [14:03:32.720] Fortify SSC Project: <Fortify project name>, version: <Fortify project version>
    [INFO] [14:03:35.643] Sensor Fortify Audit Context...
    [INFO] [14:03:35.643] Sensor Fortify Audit Context done: 0 ms
    [INFO] [14:03:35.643] Sensor Fortify Performance Indicators...
    [INFO] [14:03:36.701] Sensor Fortify Performance Indicators done: 1058 ms
    [INFO] [14:03:36.701] Sensor Fortify Issues...
    [INFO] [14:04:35.131] Loading 171 Fortify issues
    [INFO] [14:04:35.149] Sensor Fortify Issues done: 58448 ms



Change Log

JIRA Issues
anonymoustrue
titleRelease 1.0
height60
renderModestatic
width900
columnstype;key;summary;priority
urlhttp://jira.codehaus.org/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?fixfor=18705&pid=11911&sorter/field=priority&sorter/order=DESC&tempMax=1000