Fortify has made available esapi.bin to be used with AWB as an optional rulepack. We have attempted to upload this file to SSC and also tried to add it to AWB. With SSC is it rejected as not a valid file type. In AWB, it is accepted, but does not appear to be used when running a scan.
We have a large number of legacy Java apps that use the ESAPI library for validation. We would like to include this rulepack in all of our instances of SCA/AWB and SSC. Other than adding it in the CLI with each scan, how can this rulepack be added to the static scanning tools and SSC?