Welcome! You are invited to join a webinar: DevSecOps in 2025: Pairing SAST & SCA for a Next-Gen AppSec Strategy. After registering, you will receive a confirmation email about joining the webinar.
Date & Time: Jan 23, 2025 05:00 PM in Amsterdam…
Good day to everybody, I have a problem running a Fortify On Demand pipeline in Azure DevOps. It is the IWA-JAVA application for DEMO.
The error in question is the following
" Error: LinkageError occurred while loading main class com.fortify.scancentral…
I have a FOD account. I have created an application and under that I have 6 Microservices that are to be scanned.
Normal FOD scan no issues, I go to the Application then scan the required Microservice.
If I need to integrate the same in GitHub Actions…
Hello,
I am facing an issue when using Fortify Static Code Analyzer (SCA) with a Gradle project. Below are the steps I followed and the error encountered:
Steps Taken:
Running Gradle without Fortify:
./gradlew build
Output:
…
Hello, I have downloaded the Fortify plugins on Eclipse, and they installed successfully, but when I ran any one of them, nothing was happening.
I mean, there was no sign on Eclipse showing that the scan was running.
And I have that error.
Hi guys, have any of you successfully excluded unit test components from a scan? How do you do it? My yml file right now has something like this for file exclusions: -
'-scanExclusion "fortify-scripts,*spec.ts"
for folder of "fortify-scripts" I…
Hello, I'm trying to integrate Fortify SSC into my GitLab pipeline but it didn't work for me.
This is my pipeline script:
fortify-sast-scancentral:
  image: fortifydocker/fortify-ci-tools:latest
  variables:
    SC_SAST_SENSOR_VERSION: '23.1'…
When approaching the domain of application security, particularly through the lens of Static Application Security Testing (SAST), one critical concern that frequently arises pertains to the initial analysis phase with tools like Fortify SAST. The prospect…
When you run Fortify Static Code Analyzer, large and complex scans can often take a long time to complete. During the scan it is not always clear what is happening. While Fortify recommends that you provide your debug logs to the Customer Support team…
Issue is (Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files.) getting error in SSC
Hello All,
I have been working on my first integration between Fortify SAST Integration with GitLab. I have been able to successfully implement a rather simple GitLab build pipeline that performs SCA before deploying the application.
Is there a feature…
Is it safe to assume that as of yet fortifydocker/fortify-ci-tools does not support projects built with Java 17?
(hence the errors I am getting during compilation that the maven plugin is failing because of unsupported Java 17?)
I want to make sure…
Hi,
I am encountering a problem with the fcli command that I am running. I am trying to start a scan and attach it to an application:
+ /opt/Fortify/fcli/bin/fcli sc-sast scan start --appversion 3 -p packageWebgoat --sensor-version 22.2.0.0130…
We recently held a webinar going over the recent 2023 State of Code Security. Thanks to all who were able to attend. If you missed it or you would like to review what we shared, you can catch the on-demand recording here. Below are several highlights…
Ramp up your skills with Fortify on Demand SAST DevSecOps course! This course helps the 'user' run FoD in their DevOps pipelines to include Security early in the SDLC. The focus is around providing simple steps to run Fortify scans in FoD as part of your…
I need help with setting up my pipeline correctly. I don't have much experience with Jenkins and have learnt it on the fly when configuring SCA with Jenkins.
I'm building the code on my Jenkins controller (Host1) and then translating and scanning it on…
In November, MFGS, Inc. sponsored the AFCEA Alamo ACE conference in San Antonio, TX. I was invited to give a presentation on software supply chain security at the conference. I grew up in Texas and look for any excuse to get back, so I was happy to support…
When it comes to application security, static application security testing (SAST) is critical. A white-box testing tool, SAST identifies the root cause of vulnerabilities in an application’s source code.
Fortify offers an industry-leading SAST solution…
CyberRes AppSec Education Services is thrilled to announce our first public Cloud DevSecOps Academy. Learn how to integrate Azure, GitLab and GitHub with Fortify SAST & DAST.
Learn More here.
This course gives you multiple ways to include Fortify into your Azure DevOps to create an efficient DevSecOps that runs Static Application Security Testing (SAST) along with your application development (using .NET and Java code sample projects). You…
CyberRes AppSec Education Services is thrilled to announce our first public Cloud DevSecOps Academy. Learn how to integrate Azure, GitLab, and GitHub with Fortify SAST & DAST.
Be sure to mark your calendars for September 15 when Amazon Web Services (AWS) and Micro Focus will be presenting a joint Immersion Day focused on AppSec. This Immersion day will be full of incredible content about security automation at the start of…
Summary: Customer wants to know where SCA should be installed on the Jenkins server
Products: Fortify Static Code Analyzer
Environment: SCA
Situation: Customer wants to integrate Fortify SAST with Jenkins, so they want to know where SCA should be installed…