Description / Features
This plugin imports Fortify SSC reports into SonarQube:
- Import the Fortify Security Rating, value between 1 and 5
- Import the number of issues marked as critical, high, medium and low priority in Fortify
- Link to the Fortify SSC web report
- Install the plugin through the Update Center or download it into the SONARQUBE_HOME/extensions/plugins directory
- Restart the SonarQube server
- Configure the connection to the Fortify SSC Server in Settings > General Settings > Fortify:
  - Server URL
  - Login/password. Token-based authentication is not supported yet.
- Activate some Fortify rules in the Quality Profile
- Configure the project to be analyzed:
  - By default project name and version must match the name and version defined in Fortify. They can be changed in Project Settings.
  - Enable audit import on the projects that have been scanned by Fortify: set true in Project Settings.
Run a SonarQube analysis. The following logs should appear: