Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

Description

This plugin imports Fortify SSC reports. Provided features include :

  • Import the Fortify Security Rating, value between 1 and 5.
  • Import the number of issues marked as critical, high, medium and low priority in Fortify
  • Link to the Fortify SSC web report
  • Import vulnerability issues as Sonar violations. Supported languages are ABAP, C#, C++, Cobol, Java, Javascript, Python and VB.

This plugin is not autonomous nor server-less

Icon

As said in the description above, this plugin imports audit reports available in Fortify SSC Server. This means that:

  • the plugin does not trigger Fortify scans
  • the plugin needs a connection to the Fortify server to retrieve the results
As a consequence, Fortify scans must have been run before executing this plugin on Sonar.

Here are some screenshots of the plugin:



Configuration

  1. Configure the connection to the Fortify SSC Server in Configuration > General Settings > Fortify
    • Server URL
    • Login/password. Token-based authentication is not supported yet.
  2. Activate some Fortify rules in the Quality profile
  3. Configure the project to be analyzed
    • By default project name and version must match the name and version defined in Fortify. They can be changed in Project Settings.
    • Enable audit import on the projects that have been scanned by Fortify : set sonar.fortify.enable to true in Project Settings.
  4. Inspect project. The following logs should appear :



  • No labels