You are viewing an old version of this page. View the current version.
Compare with Current ·
View Page History
Name | Sonar Fortify Plugin |
License | LGPL v3 |
Authors | SonarSource |
JIRA | |
Sources | |
Latest version | Not released |
Download |
Description / Features
This plugin imports Fortify SSC reports. Provided features include:
- Import the Fortify Security Rating, value between 1 and 5
- Import the number of issues marked as critical, high, medium and low priority in Fortify
- Link to the Fortify SSC web report
- Import vulnerability issues as Sonar violations. Supported languages are ABAP, C#, C++, Cobol, Java, JavaScript, Python and VB.
 | This plugin is not autonomous nor server-less As said in the description above, this plugin imports audit reports available in Fortify SSC Server. This means that the plugin:
As a consequence, Fortify scans must have been run before executing this plugin on Sonar. |
Here are some screenshots of the plugin:
Installation
- Install the Fortify plugin through the Update Center or download it into the SONAR_HOME/extensions/plugins directory
- Restart the Sonar server
Usage
- Configure the connection to the Fortify SSC Server in Configuration > General Settings > Fortify:
- Server URL
- Login/password. Token-based authentication is not supported yet.
- Activate some Fortify rules in the Quality Profile
- Configure the project to be analyzed:
- By default project name and version must match the name and version defined in Fortify. They can be changed in Project Settings.
- Enable audit import on the projects that have been scanned by Fortify: set
sonar.fortify.enabletotruein Project Settings.
Inspect project. The following logs should appear:
Change Log
Labels
