Good day to everybody, I have a problem running a Fortify On Demand pipneline in Azure Devops. It is the IWA-JAVA application for DEMO.
The error in question is the following
" Error: LinkageError occurred while loading main class com.fortify.scancentral…
I have a FOD account. I have created an application and under that I have 6 Microservices that are to be scanned.
Normal FOD scan no issues, I go to the Application then scan the required Microservice.
If i need to integrate the same in GitHub actions…
Hello,
I am facing an issue when using Fortify Static Code Analyzer (SCA) with a Gradle project. Below are the steps I followed and the error encountered:
Steps Taken:
Running Gradle without Fortify:
./gradlew build
Output:
…
Hello, I have downloaded the Fortify plugins on Eclipse, and they installed successfully, but when I ran any one of them, nothing was happening.
I mean, there was no sign on Eclipse showing that the scan was running.
And I have that error.
Hi guys, any of you guys successfully excluded unit test components from scan? How do you do it? My yml file right now have something like this for files exclusions: -
'-scanExclusion "fortify-scripts,*spec.ts"
for folder of "fortify-scripts" I…
Hello, i'm trying to integrate Fortify SSC into my gitlab pipeline but i didn't work for me.
this is my pipeline script :
fortify-sast-scancentral :
image : fortifydocker/fortify-ci-tools:latest
variables :
SC_SAST_SENSOR_VERSION : '23.1'…
Issue is (Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files.) getting error in SSC
Hello All,
I have been working on my first integration between Fortify SAST Integration with GitLab. I have been able to successfully implement a rather simple GitLab build pipeline that performs SCA before deploying the application.
Is there a feature…
Hi,
I am encountering a problem with the fcli command that I am running. I am trying to start a scan and attach it to an application:
+ /opt/Fortify/fcli/bin/fcli sc-sast scan start --appversion 3 -p packageWebgoat --sensor-version 22.2.0.0130…
I need help with setting up my pipeline correctly. I dont have much experience with jenkins and have learnt it on the fly when configuring SCA with Jenkins.
Im building the code on my Jenkins controller (Host1) and then translating and scanning it on…
I'm having a hard time finding the equivalent of the -python-path argument in YAML pipeline syntax.
Basically, i'm running a SAST Scan through my pipeline using the "Fortify ScanCentral SAST Assessment" task and its built-in fields. This task runs successfully…
Hello, I'm looking for suggestions on the best, most efficient way to scan a large number of a microservices at one time. We had a situation where about sixteen microservices applications where sent to our InfoSec team for static code scanning. Each application…
Yesterday we upgraded our Fortify environment to 21.1.2. Everything is working just fine. We have two SAST sensors, that we of course also upgraded. However, the ScanCentral Sensors tab in the SSC now lists four sensors, because it still shows entries…
Hello,
I'm trying to integrate GitLab with ScanCentral SAST. If the property allow_insecure_clients_with_empty_token is set to true and client_auth_token is empty it works but if I try to set a plain text password I get the following error:
Authentication…