{"id":8463,"date":"2013-08-16T10:22:15","date_gmt":"2013-08-16T15:22:15","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=8463"},"modified":"2013-08-23T23:02:51","modified_gmt":"2013-08-24T04:02:51","slug":"fortify-code-scan","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=8463","title":{"rendered":"Fortify Code Scan"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tInstall Fortify Server<\/a>\n\t<\/li>\n\t
  2. \n\t\tInstall Fortify Client<\/a>\n\t<\/li>\n\t
  3. \n\t\tCreate Fortify Projects<\/a>\n\t<\/li>\n\t
  4. \n\t\tFortify Scan<\/a>\n\t<\/li>\n\t
  5. \n\t\tReview Scan Results<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
     <\/div>\n

    Install Fortify Server<\/h2><\/span>\n

    Install Fortify Client<\/h2><\/span>\n

    * Install Fortify, e.g. HP_Fortify_SCA_and_Apps_3.50_Windows_x64.exe<\/em>
    \n* Add C:\\Program Files\\Fortify Software\\HP Fortify v3.50\\bin<\/em> to the path environment variable.
    \n* Copy rule files folder to C:\\Program Files\\Fortify Software\\HP Fortify v3.50\\Core\\config\\rules<\/em> directory. <\/p>\n

    Create Fortify Projects<\/h2><\/span>\n

    * Login Fortify web site at http:\/\/scc01:8080\/ssc<\/a>
    \n* Click the Projects<\/em> tab
    \n* Click Add<\/em> to add the project(s) you plan to scan.
    \n* For example, for Maven projects,
    \n– You can create a new project for every child project from the parent pom.xml file using the artifact id as project name. If child pom.xml file specifies its own project name, then use that name instead.
    \n– Use the Maven project version you plan to scan as the version number.
    \n– Alternatively, you can create a project with version 1.x.x<\/strong> to hold all version 1 related scan results.
    \n– Also specify programming language, e.g Java, and a template for all the projects. <\/p>\n

    Fortify Scan<\/h2><\/span>\n

    * Check out project source code, e.g. from SVN. Make sure the version you checked out matches the project version you created in Fortify server.
    \n* Change directory to where parent pom.xml resides.
    \n* Add Fortify plugin to the parent pom.xml file: <\/p>\n

    \r\n\t\r\n\t\tcom.fortify.ps.maven.plugin<\/groupId>\r\n\t\tfortify-maven-plugin<\/artifactId>\r\n\t\t2.6.0002<\/version>\r\n\t\t\r\n\t\t\t${project.name}<\/buildId>\r\n\t\t\t1.6<\/source>\r\n\t\t\t${project.name}<\/toplevelArtifactId>\r\n\t\t\ttrue<\/failOnSCAError>\r\n\t\t\ttrue<\/upload>\r\n\t\t\thttp:\/\/scc01:8080\/ssc<\/f360Url>\r\n\t\t\t...<\/f360AuthToken>\r\n\t\t\t${project.name}<\/projectName>\r\n\t\t\t1.x.x<\/projectVersion>\r\n\t\t\t\r\n\t\t<\/configuration>\r\n\t<\/plugin>              \r\n<\/pre>\n
    * Issue Maven command <\/p>\n
    \r\nmvn fortify:clean fortify:translate fortify:scan\r\n<\/pre>\n
    Review Scan Results<\/h2><\/span>\n
    * Login Fortify web site at http:\/\/scc01:8080\/ssc<\/a>
    \n* On Dashboard page, you should see results for the project version you scanned.
    \n* Click the project version number to view results.
    \n* Click Audit Results<\/em> to start auditing scan results.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Install Fortify Server Install Fortify Client * Install Fortify, e.g. HP_Fortify_SCA_and_Apps_3.50_Windows_x64.exe * Add C:\\Program Files\\Fortify Software\\HP Fortify v3.50\\bin to the path environment variable. * Copy rule files folder to C:\\Program Files\\Fortify Software\\HP Fortify v3.50\\Core\\config\\rules directory. Create Fortify Projects * Login … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[421,420],"tags":[422,638,423],"class_list":["post-8463","post","type-post","status-publish","format-standard","hentry","category-fortify","category-hp","tag-code","tag-fortify","tag-scan"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-2cv","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/8463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8463"}],"version-history":[{"count":6,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/8463\/revisions"}],"predecessor-version":[{"id":8617,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/8463\/revisions\/8617"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}