vkargi
New Member.

Approving scan artifacts in SSC programmatically

Hi,

Is there any way to approve scan artifacts submitted to SSC programmatically? We use Gradle for building our Java code, and using the tools we got installed with the Fortify (v16.20) distribution I am able to get everything including build, scan, verify and upload to a remote SSC server. The FPRUtility is also integrated in these steps so that it will stop the upload process if TotalIssueCount > 0.

Now the only manual step left is that once the .fpr is uploaded to SSC, someone has to log in and click the "Approve" button. I would like to know if there are some ways to automate this step as well so that as long as TotalIssueCount = 0, human intervention is not required.

 

Micro Focus Expert

Re: Approving scan artifacts in SSC programmatically

I have not done this automated Approval before, but have you investigated the SSC API?  It was fully rebuilt in v16.10 to be RESTful rather than the older SOAP API.

 

Live documentation links (v16.10-current):
     http://{SSC URL}:{SSC PORT}/ssc/html/docs/docs.html#/overview
     http://{SSC URL}:{SSC PORT}/ssc/html/docs/api-reference/index.jsp
     http://{SSC URL}:{SSC PORT}/ssc/api/v1/spec.json
 
In the new/current SSC web UI (HTML5) - click on "Help".  You will see a link to the API Documentation in the dialog that comes up.

 

 

And while it may add another stage to your scripts, have you investigated the Audit Assistant feature in SSC, "Scan Analytics"?  This is a free service, but it requires SSC configuration and an authentication Token to reach the HPE Fortify Scan Analytics cloud system.  You would be able to batch submit your SSC Issues to Audit Assistant and our machine-learning system would assign their Audit Status for you programmatically.  This is meant to save the majority of the manual Auditing effort needed, although there will always be some edge cases that still require your review.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
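
One way to act on the reply above and search the spec.json document for approval-related operations before scripting anything; this is an added example, not code from either poster or from Fortify. It assumes spec.json follows the Swagger 2.0 layout, and the sample spec (its paths and operationIds) and the `find_operations` helper are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "post", "put", "delete", "patch"}

# Constructed sample in Swagger 2.0 layout, standing in for the JSON served at
# /ssc/api/v1/spec.json. Paths and operationIds here are illustrative only;
# read the real ones from your own SSC server.
SAMPLE_SPEC = json.loads("""
{
  "swagger": "2.0",
  "basePath": "/ssc/api/v1",
  "paths": {
    "/exampleArtifacts/{id}": {
      "parameters": [{"name": "id", "in": "path"}],
      "get": {"operationId": "readExampleArtifact", "summary": "Read one artifact"}
    },
    "/exampleArtifacts/action/approve": {
      "post": {"operationId": "approveExampleArtifact",
               "summary": "Approve uploaded artifacts",
               "parameters": [{"name": "request", "in": "body", "required": true}]}
    },
    "/exampleIssues": {
      "get": {"operationId": "listExampleIssues", "summary": "List issues",
              "description": "Includes issues from artifacts awaiting approval"}
    }
  }
}
""")

def find_operations(spec, keyword):
    """Return (METHOD, full_path, operationId, matched_in) for each operation
    whose path, operationId, summary or description mentions keyword."""
    keyword = keyword.lower()
    base = spec.get("basePath", "").rstrip("/")
    hits = []
    for path, item in sorted(spec.get("paths", {}).items()):
        for method, op in item.items():
            # Path items also hold non-operation keys such as "parameters".
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue
            fields = {"path": path, "operationId": op.get("operationId", ""),
                      "summary": op.get("summary", ""),
                      "description": op.get("description", "")}
            matched = [k for k, v in fields.items() if keyword in v.lower()]
            if matched:
                hits.append((method.upper(), base + path,
                             fields["operationId"], matched))
    return hits

if __name__ == "__main__":
    for hit in find_operations(SAMPLE_SPEC, "approv"):
        print(*hit)
```

Hits that match on the path or operationId are the candidates to read up on in the API reference; description-only hits are usually incidental mentions.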