  1. Configure the connection to the Fortify SSC Server in Settings > General Settings > Fortify:
    • Server URL
    • Login/password. Token-based authentication is not supported yet.
       
  2. Activate some rules from the "Fortify" rule repositories in the Quality Profile.
     
  3. Configure the project to be analyzed:
    • By default, the Fortify plugin will try to match the name and version of a project in your Fortify server. If they don't match, you can use sonar.fortify.projectName and sonar.fortify.projectVersion to configure the correct values. These properties may be defined in the project's analysis properties or via the SonarQube interface.
    • Enable audit import on the projects you want to be scanned by Fortify: set the sonar.fortify.enable property to true.
       
  4. Run a SonarQube analysis. Something like the following should appear in the log:

    [INFO] [14:03:32.720] Fortify SSC Project: <Fortify project name>, version: <Fortify project version>
    [INFO] [14:03:35.643] Sensor Fortify Audit Context...
    [INFO] [14:03:35.643] Sensor Fortify Audit Context done: 0 ms
    [INFO] [14:03:35.643] Sensor Fortify Performance Indicators...
    [INFO] [14:03:36.701] Sensor Fortify Performance Indicators done: 1058 ms
    [INFO] [14:03:36.701] Sensor Fortify Issues...
    [INFO] [14:04:35.131] Loading 171 Fortify issues
    [INFO] [14:04:35.149] Sensor Fortify Issues done: 58448 ms

    Security note for SonarQube 3.4.0 to 3.6.3 included

    For the *.secured properties to be read during the project analysis, it is necessary to set the sonar.login and sonar.password properties to the credentials of a user that is:

    • System administrator
    • And project administrator on the project that is being analyzed
    Example:
    sonar-runner -Dsonar.login=admin -Dsonar.password=admin
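
To confirm in a build script that step 4 really imported Fortify findings, the analysis log can be checked for the sensor lines shown in the sample log. This is an added example, not part of the plugin or its documentation; the function names and the sample project name and version are constructed, and it assumes the log lines keep the format of the sample above.

```shell
#!/bin/sh
# Added example (not from the Fortify plugin): check an analysis log for a
# completed Fortify import. Function names are hypothetical.

# Constructed sample log, modelled on the lines shown in step 4.
sample_log() {
    cat <<'EOF'
[INFO] [14:03:32.720] Fortify SSC Project: demo-app, version: 1.0
[INFO] [14:03:35.643] Sensor Fortify Audit Context...
[INFO] [14:03:35.643] Sensor Fortify Audit Context done: 0 ms
[INFO] [14:03:36.701] Sensor Fortify Issues...
[INFO] [14:04:35.131] Loading 171 Fortify issues
[INFO] [14:04:35.149] Sensor Fortify Issues done: 58448 ms
EOF
}

# Reads a log on stdin. Prints the number of loaded Fortify issues and
# returns 0 only if the project was resolved, an issue count was logged,
# and the issues sensor finished. Returns 1 otherwise, e.g. when
# sonar.fortify.enable was not set and the sensor lines are absent
# (assumption: a skipped import leaves no such lines in the log).
fortify_import_count() {
    awk '
        /Fortify SSC Project: /         { project = 1 }
        /Loading [0-9]+ Fortify issues/ {
            for (i = 1; i < NF; i++) if ($i == "Loading") count = $(i + 1)
        }
        /Sensor Fortify Issues done/    { finished = 1 }
        END {
            if (!project || !finished || count == "") exit 1
            print count
        }
    '
}

# Demo on the constructed sample; in a build, pipe the real analysis log in.
if n=$(sample_log | fortify_import_count); then
    echo "Fortify import OK: $n issues"
else
    echo "Fortify import missing from analysis log" >&2
fi
```

A non-zero return lets the build fail when the Fortify results were silently not imported, rather than passing with no security findings attached.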
