I am building a fortify scan image to be used in our CI setup for Jenkins, as we dont use a standalone node were doing docker based build steps.
I first started installing fcli and it sub tools I need to be aible to communicate with the FortifySoftware Security Center. This workes great with the github binary.
We want also to be able sorse scan, as far as I can see I need for that the cli tools (fortifyupdate, sourceanalyzer and scancentral (the later being part of the fcli tool set already).
These are bundles in the Fortify Apps & Tools bundle, I gotten the latest 24.2.0 for linux x64.
However these seems to be a snag when I try to run it I get the error "bash: ./Fortify_Apps_and_Tools_24.2.0_linux_x64.run: cannot execute: required file not found" this seems to be because all my images are based on Alpine most of the time.
If I do the following command:
ldd Fortify_Apps_and_Tools_24.2.0_linux_x64.run
Then I geth the folowing:
/lib64/ld-linux-x86-64.so.2 (0x7f7595602000)
libm.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f7595602000)
libdl.so.2 => /lib64/ld-linux-x86-64.so.2 (0x7f7595602000)
libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7f7595602000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f7595602000)
Error relocating Fortify_Apps_and_Tools_24.2.0_linux_x64.run: isnan: symbol not found
Error relocating Fortify_Apps_and_Tools_24.2.0_linux_x64.run: __register_atfork: symbol not found
It seems that the .run not supports ALPINE, has any one run in to this problem. Or have a way to install fortifyupdate, sourceanalyzer so I can use these tools. Or a way to make the installer work quickly.