Browse By Tags

  • Webinar: DevSecOps in 2025: Pairing SAST & SCA for a Next-Gen AppSec Strategy, Jan. 23

    Welcome! You are invited to join a webinar: DevSecOps in 2025: Pairing SAST & SCA for a Next-Gen AppSec Strategy. After registering, you will receive a confirmation email about joining the webinar. Date & Time: Jan 23, 2025 05:00 PM in Amsterdam…
  • FOD-Azure Devops JAVA Error.

    Good day to everybody, I have a problem running a Fortify On Demand pipneline in Azure Devops. It is the IWA-JAVA application for DEMO. The error in question is the following " Error: LinkageError occurred while loading main class com.fortify.scancentral…
  • Fortify On Demand SAST - Microservices integration with Git Actions

    I have a FOD account. I have created an application and under that I have 6 Microservices that are to be scanned. Normal FOD scan no issues, I go to the Application then scan the required Microservice. If i need to integrate the same in GitHub actions…
  • Issue with Fortify SCA and Gradle: compileDebugKotlin Error

    Hello, I am facing an issue when using Fortify Static Code Analyzer (SCA) with a Gradle project. Below are the steps I followed and the error encountered: Steps Taken: Running Gradle without Fortify: ./gradlew build Output: …
  • Eclipse Error

    Hello, I have downloaded the Fortify plugins on Eclipse, and they installed successfully, but when I ran any one of them, nothing was happening. I mean, there was no sign on Eclipse showing that the scan was running. And I have that error.
  • How do I exclude unit tests from SAST scan?

    Hi guys, any of you guys successfully excluded unit test components from scan? How do you do it? My yml file right now have something like this for files exclusions: - '-scanExclusion "fortify-scripts,*spec.ts" for folder of "fortify-scripts" I…
  • Fcli unable to create sc-sast session

    Hello, i'm trying to integrate Fortify SSC into my gitlab pipeline but i didn't work for me. this is my pipeline script : fortify-sast-scancentral : image : fortifydocker/fortify-ci-tools:latest variables : SC_SAST_SENSOR_VERSION : '23.1'…
  • Beyond the Noise: Elevating SAST with Fortify's Precision and Innovation

    When approaching the domain of application security , particularly through the lens of Static Application Security Testing (SAST) , one critical concern that frequently arises pertains to the initial analysis phase with tools like Fortify SAST. The prospect…
  • Monitoring Long Running Scans in Fortify SCA

    When you run Fortify Static Code Analyzer, large and complex scans can often take a long time to complete. During the scan it is not always clear what is happening. While Fortify recommends that you provide your debug logs to the Customer Support team…
  • SSC 23.1 Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files

    Issue is (Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files.) getting error in SSC
  • Is there a way for GitLab Runners to use Fortify CI/CD tools to stop a build based on retrieved SCA audit results ?

    Hello All, I have been working on my first integration between Fortify SAST Integration with GitLab. I have been able to successfully implement a rather simple GitLab build pipeline that performs SCA before deploying the application. Is there a feature…
  • Support for Java 17 fortifydocker/fortify-ci-tools

    Is it safe to assume that as of yet fortifydocker/fortify-ci-tools does not support projects built with Java 17 ? (hence the errors I am getting during compilation that the maven plugin is failing because of unsupported Java 17?) I want to make sure…
  • Fortify CLI error

    Hi, I am encountering a problem with the fcli command that I am running. I am trying to start a scan and attach it to an application: + /opt/Fortify/fcli/bin/fcli sc-sast scan start --appversion 3 -p packageWebgoat --sensor-version 22.2.0.0130…
  • What You Need to Know About the 2023 State of Code Security Report

    We recently held a webinar going over the recent 2023 State of Code Security. Thanks to all who were able to attend. If you missed it or you would like to review what we shared, you can catch the on-demand recording here . Below are several highlights…
  • Education: Fortify on Demand SAST DevSecOps

    Ramp up your skills with Fortify on Demand SAST DevSecOps course! This course helps the 'user' run FoD in their DevOps pipelines to include Security early in the SDLC. The focus is around providing simple steps to run Fortify scans in FoD as part of your…
  • Fortify Scatic Code Analyzer and Flutter

    When will fortify support flutter language is there any update on this or in a future release? https://flutter.dev/
  • Jenkins pipeline for remote translation, analysis, and uploading to SSC.

    I need help with setting up my pipeline correctly. I dont have much experience with jenkins and have learnt it on the fly when configuring SCA with Jenkins. Im building the code on my Jenkins controller (Host1) and then translating and scanning it on…
  • Fortify Your APIs and Get Them Battle Ready

    In November, MFGS, Inc. sponsored the AFCEA Alamo ACE conference in San Antonio, TX. I was invited to give a presentation on software supply chain security at the conference. I grew up in Texas and look for any excuse to get back, so I was happy to support…
  • SAST 101: The What, Why, and How of Static Testing

    When it comes to application security , static application security testing (SAST) is critical. A white-box testing tool, SAST identifies the root cause of vulnerabilities in an application’s source code. Fortify offers an industry-leading SAST solution…
  • Education: AppSec Academy Cloud DevSecOps

    CyberRes AppSec Education Services is thrilled to announce our first public Cloud DevSecOps Academy. Learn how to integrate Azure, GitLab and GitHub with Fortify SAST & DAST. Learn More here.
  • Education: Fortify SAST Integration with Azure UPDATED | Ramp up your skills!

    This course gives you multiple ways to include Fortify into your Azure DevOps to create an efficient DevSecOps that runs Static Application Security Testing (SAST) along with your application development (using .NET and Java code sample projects). You…
  • AppSec Academy: Cloud DevSecOps

    CyberRes AppSec Education Services is thrilled to announce our first public Cloud DevSecOps Academy . Learn how to integrate Azure, GitLab, and GitHub with Fortify SAST & DAST.
  • .NET Framework 6.0 Support

    Where can I find when Fortify SAST is going to support .NET Framework 6.0? Thanks in advance!
  • AppSec on the Agenda in Joint Immersion Day with Partner Amazon Web Services

    Be sure to mark your calendars for September 15 when Amazon Web Services (AWS) and Micro Focus will be presenting a joint Immersion Day focused on AppSec . This Immersion day will be full of incredible content about security automation at the start of…
  • Knowledge Doc: [Static Code Analyzer] Where should SCA be installed on the Jenkins server?

    Summary Customer wants to know where SCA should be installed on the Jenkins server Products Fortify Static Code Analyzer Environment SCA Situation Customer wants to integrate Fortify SAST with Jenkins, so they want to know where SCA should be installed…