Build Process - Features

For Fortify to integrate successfully with a build tool, the build tool must meet the following requirements:

  • Must execute a compiler supported by Fortify SCA.
  • Must run the compiler from the operating system path, not from a user-defined path.
  • Must run the compiler itself rather than executing a subprocess.

Commands

Fortify supports touchless integration as well as integration with Ant, Gradle, and Maven.

Touchless Integration

sourceanalyzer -b <build_id> touchless <build_command>

Ant Integration

sourceanalyzer -b <build_id> ant [<ant_options>]

Gradle Integration

sourceanalyzer -b <build_id> <sca_options> gradle [<gradle_options>] <gradle_tasks>

Translation Phase - Commands

  • Successful translation requires the dependencies that were needed at build time to be available.
  • The CLI command for translation is:
sourceanalyzer -b <build_id> ... <files>
  • The -b option sets the build ID, which ties the invocations together.

Translation Phase - Warnings and Listings

  • To list all warnings and errors that arose during the translation phase, use the command:
sourceanalyzer -b <build_id> -show-build-warnings
  • Use the following command to list the files associated with a build ID:
sourceanalyzer -b <build_id> -show-files

Analysis Phase - Commands

  • Scans the intermediate files that were generated during the translation phase.
  • Produces a vulnerability results file with the .fpr extension as output.
  • CLI command:
sourceanalyzer -b <build_id> -scan -f results.fpr

Analysis Phase - Incremental Analysis

  • Analyzes only the code that has changed since the initial full scan.
  • Reduces the scan time of the project.
  • Supports programming languages such as Java, C/C++, C#, and Visual Basic.
  • CLI command for the initial full scan with the -incremental-base option:
sourceanalyzer -b <build_id> -scan -incremental-base -f <results>.fpr
  • CLI command for an incremental scan:
sourceanalyzer -b <build_id> -scan -incremental -f <results>.fpr
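
The translation, listing and incremental scan commands above can be chained in one CI wrapper so that a translation that picked up no files is caught before the scan runs. This is an added example, not part of the original page or of Fortify's tooling; the SCA variable, the function names, the marker-file convention, the one-path-per-line output of -show-files, and a project in a language that supports incremental analysis are assumptions.

```sh
#!/bin/sh
# Added example, not Fortify's own tooling. Assumptions: the SCA variable, the
# function names, the marker-file convention, and that -show-files prints one
# translated file per line.
SCA="${SCA:-sourceanalyzer}"

# Translation phase: sourceanalyzer -b <build_id> ... <files>
fortify_translate() {
    build_id="$1"; shift
    "$SCA" -b "$build_id" "$@"
}

# Succeeds only if at least one file is associated with the build ID.
fortify_has_files() {
    count=$("$SCA" -b "$1" -show-files | grep -c . || true)
    [ "$count" -gt 0 ]
}

# First scan for a build ID is the incremental base; later scans are incremental.
# A marker file <state_dir>/<build_id>.base records that the base scan ran.
fortify_scan_mode() {
    if [ -f "$2/$1.base" ]; then echo "-incremental"; else echo "-incremental-base"; fi
}

# Analysis phase, gated on the translation having produced files.
# Usage: fortify_scan <build_id> <results.fpr> <state_dir>
fortify_scan() {
    build_id="$1"; fpr="$2"; state_dir="$3"
    if ! fortify_has_files "$build_id"; then
        echo "build ID $build_id has no translated files; not scanning" >&2
        return 2
    fi
    # Keep translation warnings beside the results for review.
    "$SCA" -b "$build_id" -show-build-warnings > "$fpr.warnings.txt"
    mode=$(fortify_scan_mode "$build_id" "$state_dir")
    "$SCA" -b "$build_id" -scan "$mode" -f "$fpr" || return 1
    # Record the base scan so the next run uses -incremental.
    [ "$mode" = "-incremental-base" ] && : > "$state_dir/$build_id.base"
    return 0
}
```

Source the file in the build job, call fortify_translate with the build ID and source files, then fortify_scan with the same build ID; a return code of 2 means the translation step needs attention before any results are trusted.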
