Sonar Fortify Plugin
This plugin imports Fortify SSC reports. Provided features include :
- Import the Fortify Security Rating, value between 1 and 5.
- Import the number of issues marked as critical, high, medium and low priority in Fortify
- Link to the Fortify SSC web report
- Import vulnerability issues as Sonar violations
- New widget :
- Configure the connection to the Fortify SSC Server in Configuration > General Settings > Fortify
- Server URL
- Login/password. Token-based authentication is not supported yet.
- Configure the project to be analyzed
- By default project name and version must match the name and version defined in Fortify. They can be changed in Project Settings.
- Enable audit import on the projects that have been scanned by Fortify : set
truein Project Settings.
Inspect project. The following logs should appear :